Weekly Vulnerabilities Reports > April 20 to 26, 2020

Overview

424 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary report vulnerabilities in 428 products from 103 vendors including Netgear, Foxitsoftware, Prestashop, Jetbrains, and Canonical. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Injection", "Information Exposure", and "Improper Input Validation".

  • 243 reported vulnerabilities are remotely exploitables.
  • 120 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 333 reported vulnerabilities are exploitable by an anonymous user.
  • Netgear has the most reported vulnerabilities, with 212 reported vulnerabilities.
  • Dlink has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-24 CVE-2020-5868 F5 OS Command Injection vulnerability in F5 Big-Iq Centralized Management

In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface.

10.0
2020-04-23 CVE-2020-4415 IBM Out-of-bounds Write vulnerability in IBM Spectrum Protect

IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.

10.0
2020-04-21 CVE-2020-10569 Sysaid Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11

** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack.

10.0
2020-04-21 CVE-2020-8842 MSI Unquoted Search Path or Element vulnerability in MSI True Color 2.0

Unquoted search path vulnerability in MSI True Color before 3.0.52.0 allows privilege escalation to SYSTEM.

10.0
2020-04-20 CVE-2020-9279 Dlink Use of Hard-coded Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

10.0
2020-04-24 CVE-2020-7131 HP Missing Authorization vulnerability in HP products

This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products.

9.0
2020-04-22 CVE-2020-7055 Elementor Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder

An issue was discovered in Elementor 2.7.4.

9.0
2020-04-21 CVE-2020-10787 Vestacp Improper Privilege Management vulnerability in Vestacp Vesta Control Panel

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).

9.0
2020-04-21 CVE-2020-10786 Vestacp Improper Input Validation vulnerability in Vestacp Vesta Control Panel

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

9.0
2020-04-21 CVE-2020-11967 Evenroute Improper Privilege Management vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control.

9.0
2020-04-20 CVE-2020-9276 Dlink Out-of-bounds Write vulnerability in Dlink Dsl-2640B Firmware Eu4.01B

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

9.0

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-22 CVE-2020-12066 Teeworlds
Opensuse
Resource Exhaustion vulnerability in multiple products

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

7.8
2020-04-26 CVE-2020-12265 Decompress Project Path Traversal vulnerability in Decompress Project Decompress

The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal.

7.5
2020-04-24 CVE-2020-7133 HP Missing Authorization vulnerability in HP HPE IOT + GCP

A unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

7.5
2020-04-24 CVE-2020-6826 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74.

7.5
2020-04-24 CVE-2020-6825 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6.

7.5
2020-04-24 CVE-2020-6823 Mozilla Improper Privilege Management vulnerability in Mozilla Firefox

A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.

7.5
2020-04-24 CVE-2020-12134 Nanometrics Missing Release of Resource after Effective Lifetime vulnerability in Nanometrics Centaur and Titansma

Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log.

7.5
2020-04-23 CVE-2018-21162 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

7.5
2020-04-23 CVE-2018-21161 Netgear Unspecified vulnerability in Netgear D7800 Firmware, R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

7.5
2020-04-23 CVE-2018-21137 Netgear Use of Hard-coded Credentials vulnerability in Netgear D3600 Firmware and D6000 Firmware

Certain NETGEAR devices are affected by a hardcoded password.

7.5
2020-04-23 CVE-2018-21134 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

7.5
2020-04-23 CVE-2018-21133 Netgear Out-of-bounds Write vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

7.5
2020-04-23 CVE-2018-21132 Netgear Missing Authentication for Critical Function vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by authentication bypass.

7.5
2020-04-23 CVE-2019-20788 Libvncserver Project
Canonical
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value.

7.5
2020-04-23 CVE-2020-11945 Squid Cache
Debian
Opensuse
Fedoraproject
Canonical
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in Squid before 5.0.2.

7.5
2020-04-23 CVE-2020-11939 Ntop Integer Overflow or Wraparound vulnerability in Ntop Ndpi

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c.

7.5
2020-04-23 CVE-2019-8359 Contiki NG
Contiki OS
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0.

7.5
2020-04-23 CVE-2020-12079 Beakerbrowser Improper Input Validation vulnerability in Beakerbrowser Beaker

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution.

7.5
2020-04-22 CVE-2020-10915 Veeam Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.

7.5
2020-04-22 CVE-2020-10914 Veeam Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587.

7.5
2020-04-22 CVE-2020-7489 SE Injection vulnerability in SE products

A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification).

7.5
2020-04-22 CVE-2020-7487 SE Insufficient Verification of Data Authenticity vulnerability in SE products

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers.

7.5
2020-04-22 CVE-2019-20787 Teeworlds
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size.

7.5
2020-04-22 CVE-2019-19104 ABB
Busch Jaeger
Improper Authentication vulnerability in multiple products

The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL) , violating the access-control (ACL) rules.

7.5
2020-04-22 CVE-2020-11796 Jetbrains Improper Authentication vulnerability in Jetbrains Space 20200422

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

7.5
2020-04-22 CVE-2020-11690 Jetbrains Unspecified vulnerability in Jetbrains Intellij Idea

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

7.5
2020-04-21 CVE-2020-11966 Evenroute Weak Password Requirements vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily.

7.5
2020-04-21 CVE-2020-11965 Evenroute Insufficiently Protected Credentials vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH.

7.5
2020-04-21 CVE-2020-11963 Evenroute OS Command Injection vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection.

7.5
2020-04-20 CVE-2020-9277 Dlink Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

7.5
2020-04-20 CVE-2019-19108 BR Automation Use of Hard-coded Credentials vulnerability in Br-Automation Automation Runtime and Automation Studio

An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP.

7.5
2020-04-20 CVE-2020-11928 Media Library Assistant Project Injection vulnerability in Media Library Assistant Project Media Library Assistant

In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin.

7.5
2020-04-24 CVE-2019-15794 Linux
Canonical
Operation on a Resource after Expiration or Release vulnerability in multiple products

Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers.

7.2
2020-04-22 CVE-2020-5740 Plex Improper Input Validation vulnerability in Plex Media Server 0.9.9.2/1.18.2.202936236Cc4C

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.

7.2

304 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-23 CVE-2020-8797 Juplink Injection vulnerability in Juplink Rx4-1500 Firmware 1.0.3

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.

6.9
2020-04-23 CVE-2020-4311 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Monitoring 6.3.0

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system.

6.9
2020-04-22 CVE-2020-7490 SE Untrusted Search Path vulnerability in SE Vijeo Designer 1.1/6.9

A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product.

6.9
2020-04-24 CVE-2020-6822 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>.

6.8
2020-04-24 CVE-2020-6820 Mozilla Double Free vulnerability in Mozilla Firefox

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free.

6.8
2020-04-24 CVE-2020-6819 Mozilla Use After Free vulnerability in Mozilla Firefox

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free.

6.8
2020-04-24 CVE-2019-4750 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0

IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2020-04-24 CVE-2017-18703 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-24 CVE-2017-18708 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear R8300 Firmware and R8500 Firmware

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-23 CVE-2018-21160 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

6.8
2020-04-23 CVE-2020-5867 F5 Improper Input Validation vulnerability in F5 Nginx Controller

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

6.8
2020-04-23 CVE-2018-21102 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas OS Firmware

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

6.8
2020-04-23 CVE-2017-18749 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-23 CVE-2017-18742 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-23 CVE-2020-12076 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Data Tables Generator

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions.

6.8
2020-04-22 CVE-2020-7350 Rapid7 OS Command Injection vulnerability in Rapid7 Metasploit

Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name.

6.8
2020-04-22 CVE-2020-10913 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Foxit Reader

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10912 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10911 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10910 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10909 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10908 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10907 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10906 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10904 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10902 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10900 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10899 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10898 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10897 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10896 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10895 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10893 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511.

6.8
2020-04-22 CVE-2020-10892 Foxitsoftware Cross-Site Request Forgery (CSRF) vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10891 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10890 Foxitsoftware Cross-Site Request Forgery (CSRF) vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2020-10889 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478.

6.8
2020-04-22 CVE-2017-18755 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-22 CVE-2017-18768 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-22 CVE-2020-8477 ABB Cross-site Scripting vulnerability in ABB 800Xa Information Manager

The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component.

6.8
2020-04-22 CVE-2017-18782 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-22 CVE-2017-18781 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-22 CVE-2017-18775 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-21 CVE-2017-18791 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-21 CVE-2020-11958 Re2C
Canonical
Out-of-bounds Write vulnerability in multiple products

re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme.

6.8
2020-04-20 CVE-2017-18848 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-20 CVE-2017-18842 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-20 CVE-2017-18852 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF and authentication bypass.

6.8
2020-04-23 CVE-2018-21164 Netgear OS Command Injection vulnerability in Netgear R6220 Firmware and Wndr3700 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2020-04-23 CVE-2018-21163 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.5
2020-04-23 CVE-2018-21135 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.5
2020-04-23 CVE-2020-12077 Mappresspro Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress

The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution.

6.5
2020-04-23 CVE-2020-12075 Supsystic Incorrect Default Permissions vulnerability in Supsystic Data Tables Generator

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.

6.5
2020-04-23 CVE-2020-12074 Webtoffee Injection vulnerability in Webtoffee Import Export Wordpress Users

The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV.

6.5
2020-04-23 CVE-2020-12073 Cyberchimps Unspecified vulnerability in Cyberchimps Gutenberg & Elementor Templates Importer FOR Responsive

The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests.

6.5
2020-04-22 CVE-2020-11011 Phproject Unrestricted Upload of File with Dangerous Type vulnerability in PHProject

In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code.

6.5
2020-04-20 CVE-2020-11010 Tortoise ORM Project SQL Injection vulnerability in Tortoise ORM Project Tortoise ORM

In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields.

6.5
2020-04-20 CVE-2020-11753 Sonatype Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0.

6.5
2020-04-24 CVE-2020-6828 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox ESR

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory.

6.4
2020-04-24 CVE-2020-5869 F5 Information Exposure vulnerability in F5 Big-Iq Centralized Management

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit.

6.4
2020-04-23 CVE-2020-12118 Binance Incorrect Default Permissions vulnerability in Binance Tss-Lib 1.0.0/1.1.0/1.1.1

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.

6.4
2020-04-23 CVE-2018-21131 Netgear Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by unauthenticated firmware downgrade.

6.4
2020-04-22 CVE-2020-10712 Redhat Information Exposure Through Log Files vulnerability in Redhat Openshift Container Platform

A flaw was found in OpenShift Container Platform version 4.1 and later.

6.4
2020-04-22 CVE-2019-19106 ABB
Busch Jaeger
Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings.
6.4
2020-04-20 CVE-2020-9278 Dlink Improper Input Validation vulnerability in Dlink Dsl-2640B Firmware Eu4.01B

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

6.4
2020-04-20 CVE-2020-5293 Prestashop Incorrect Authorization vulnerability in Prestashop

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices.

6.4
2020-04-20 CVE-2020-5288 Prestashop Incorrect Authorization vulnerability in Prestashop

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page.

6.4
2020-04-20 CVE-2020-5287 Prestashop Incorrect Authorization vulnerability in Prestashop

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search.

6.4
2020-04-20 CVE-2020-5279 Prestashop Incorrect Authorization vulnerability in Prestashop

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers.

6.4
2020-04-23 CVE-2020-4202 IBM Improper Privilege Management vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE).

6.0
2020-04-22 CVE-2018-21120 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.0
2020-04-24 CVE-2017-18705 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-24 CVE-2017-18727 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18726 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18725 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18724 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18723 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18722 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18721 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18720 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-24 CVE-2017-18719 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18718 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18717 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18716 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18711 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-24 CVE-2017-18731 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-24 CVE-2017-18730 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18729 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-24 CVE-2017-18728 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2018-21138 Netgear Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-23 CVE-2020-5865 F5 Information Exposure vulnerability in F5 Nginx Controller

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

5.8
2020-04-23 CVE-2020-5864 F5 Improper Certificate Validation vulnerability in F5 Nginx Controller

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

5.8
2020-04-23 CVE-2017-18739 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18738 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18737 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18736 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18735 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18734 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18733 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-23 CVE-2017-18732 Netgear Improper Authentication vulnerability in Netgear Plw1000 Firmware, Plw1010 Firmware and R6300 Firmware

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-23 CVE-2017-18751 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18750 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18748 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-23 CVE-2017-18744 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

5.8
2020-04-23 CVE-2017-18743 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-23 CVE-2017-18740 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-22 CVE-2018-21130 Netgear OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2018-21128 Netgear Improper Authentication vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-22 CVE-2018-21127 Netgear OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2017-18756 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-04-22 CVE-2018-21126 Netgear OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2018-21125 Netgear Improper Authentication vulnerability in Netgear Wac510 Firmware 1.3.0.10

NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass.

5.8
2020-04-22 CVE-2018-21124 Netgear Improper Privilege Management vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.

5.8
2020-04-22 CVE-2018-21123 Netgear Injection vulnerability in Netgear Wc7500 Firmware, Wc7520 Firmware and Wc7600 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2018-21121 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-22 CVE-2018-21118 Netgear Improper Authentication vulnerability in Netgear Xr500 Firmware

NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.

5.8
2020-04-22 CVE-2017-18764 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2017-18762 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2018-21117 Netgear Unspecified vulnerability in Netgear Xr500 Firmware

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.

5.8
2020-04-22 CVE-2018-21116 Netgear Unspecified vulnerability in Netgear Xr500 Firmware

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

5.8
2020-04-22 CVE-2018-21115 Netgear Improper Input Validation vulnerability in Netgear Xr500 Firmware

NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.

5.8
2020-04-22 CVE-2018-21113 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-04-22 CVE-2017-18772 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-20 CVE-2020-9444 Zulip Improper Restriction of Rendered UI Layers or Frames vulnerability in Zulip Server

Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.

5.8
2020-04-20 CVE-2020-5270 Prestashop Open Redirect vulnerability in Prestashop

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter.

5.8
2020-04-24 CVE-2020-6212 SAP Missing Authorization vulnerability in SAP ERP and S/4Hana

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.

5.5
2020-04-21 CVE-2020-1757 Redhat Improper Input Validation vulnerability in Redhat products

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

5.5
2020-04-24 CVE-2018-21228 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-24 CVE-2018-21227 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-24 CVE-2017-18699 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-24 CVE-2017-18698 Netgear Out-of-bounds Write vulnerability in Netgear R6100 Firmware, R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-24 CVE-2017-18697 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-24 CVE-2017-18707 Netgear Classic Buffer Overflow vulnerability in Netgear R8300 Firmware and R8500 Firmware

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-23 CVE-2018-21110 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21109 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21108 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21107 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21106 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21105 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21104 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21103 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-23 CVE-2018-21101 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2018-21151 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2018-21150 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2017-18758 Netgear Out-of-bounds Write vulnerability in Netgear R6700 Firmware, R6800 Firmware and R6900 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2017-18754 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2018-21119 Netgear Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2017-18767 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2017-18761 Netgear Out-of-bounds Write vulnerability in Netgear R8000 Firmware

NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2017-18759 Netgear Out-of-bounds Write vulnerability in Netgear R8300 Firmware and R8500 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2018-21114 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2018-21112 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-22 CVE-2018-21111 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-22 CVE-2017-18770 Netgear Classic Buffer Overflow vulnerability in Netgear Plw1000 Firmware, Plw1010 Firmware and R7800 Firmware

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-21 CVE-2018-21148 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-21 CVE-2018-21147 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-21 CVE-2018-21146 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-21 CVE-2018-21145 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-21 CVE-2018-21144 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-24 CVE-2020-12070 Advanced WOO Search Information Exposure vulnerability in Advanced-Woo-Search Advanced WOO Search

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.

5.0
2020-04-24 CVE-2020-11004 Admidio SQL Injection vulnerability in Admidio

SQL Injection was discovered in Admidio before version 3.3.13.

5.0
2020-04-24 CVE-2020-6821 Mozilla Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox

When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero.

5.0
2020-04-24 CVE-2019-4751 IBM Information Exposure vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0

IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering.

5.0
2020-04-24 CVE-2020-12063 Postfix Insufficient Verification of Data Authenticity vulnerability in Postfix 2.10.1

** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character.

5.0
2020-04-24 CVE-2020-12128 File Transfer Ifamily Project Path Traversal vulnerability in File Transfer Ifamily Project File Transfer Ifamily 2.1

DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path.

5.0
2020-04-23 CVE-2020-11012 Minio Improper Authentication vulnerability in Minio

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API.

5.0
2020-04-23 CVE-2018-21139 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

5.0
2020-04-23 CVE-2020-12112 Bigbluebutton Information Exposure vulnerability in Bigbluebutton

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.

5.0
2020-04-23 CVE-2020-7643 Idea Unspecified vulnerability in Idea Paypal-Adaptive

paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution.

5.0
2020-04-23 CVE-2020-11940 Ntop Out-of-bounds Read vulnerability in Ntop Ndpi

In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.

5.0
2020-04-23 CVE-2019-9183 Contiki NG
Contiki OS
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0.

5.0
2020-04-23 CVE-2020-5571 Sharp Information Exposure vulnerability in Sharp products

SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.

5.0
2020-04-22 CVE-2020-8867 Opcfoundation Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30.

5.0
2020-04-22 CVE-2020-11506 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab 10.7.0 and later through 12.9.2.

5.0
2020-04-22 CVE-2020-11505 Gitlab Information Exposure vulnerability in Gitlab

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3.

5.0
2020-04-22 CVE-2020-7488 SE Cleartext Transmission of Sensitive Information vulnerability in SE products

A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers.

5.0
2020-04-22 CVE-2019-6859 SE Use of Hard-coded Credentials vulnerability in SE products

A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network.

5.0
2020-04-22 CVE-2020-11795 Jetbrains Insufficient Session Expiration vulnerability in Jetbrains Space 20200422

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

5.0
2020-04-22 CVE-2020-11693 Jetbrains Improper Input Validation vulnerability in Jetbrains Youtrack

JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue.

5.0
2020-04-22 CVE-2020-11691 Jetbrains Improper Input Validation vulnerability in Jetbrains HUB

In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible.

5.0
2020-04-22 CVE-2020-11688 Jetbrains Insufficient Session Expiration vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

5.0
2020-04-22 CVE-2020-11687 Jetbrains Information Exposure vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

5.0
2020-04-22 CVE-2020-11685 Jetbrains Missing Encryption of Sensitive Data vulnerability in Jetbrains Goland

In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS.

5.0
2020-04-22 CVE-2020-12059 Linuxfoundation NULL Pointer Dereference vulnerability in Linuxfoundation Ceph

An issue was discovered in Ceph through 13.2.9.

5.0
2020-04-21 CVE-2020-12051 Mediawiki Information Exposure vulnerability in Mediawiki

The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request.

5.0
2020-04-21 CVE-2020-11008 GIT
Canonical
Debian
Fedoraproject
Insufficiently Protected Credentials vulnerability in multiple products

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.

5.0
2020-04-21 CVE-2019-4327 Hcltech Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.14

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."

5.0
2020-04-21 CVE-2017-18799 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.0
2020-04-21 CVE-2020-1699 Linuxfoundation
Redhat
Path Traversal vulnerability in multiple products

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0.

5.0
2020-04-21 CVE-2020-11891 Joomla Incorrect Authorization vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.17.

5.0
2020-04-21 CVE-2020-11890 Joomla Improper Input Validation vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.17.

5.0
2020-04-21 CVE-2020-11889 Joomla Incorrect Authorization vulnerability in Joomla Joomla!

An issue was discovered in Joomla! before 3.9.17.

5.0
2020-04-21 CVE-2019-8961 Flexera Resource Exhaustion vulnerability in Flexera Flexnet Publisher 11.16.2

A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2.

5.0
2020-04-21 CVE-2019-8960 Flexera Improper Check for Unusual or Exceptional Conditions vulnerability in Flexera Flexnet Publisher 11.16.2

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2.

5.0
2020-04-21 CVE-2020-1967 Openssl
Debian
Freebsd
Fedoraproject
Oracle
Netapp
Broadcom
Opensuse
Jdedwards
NULL Pointer Dereference vulnerability in multiple products

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension.

5.0
2020-04-21 CVE-2020-11828 Oppo Information Exposure vulnerability in Oppo Coloros

In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR.

5.0
2020-04-21 CVE-2020-11968 Evenroute Information Exposure Through Log Files vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control.

5.0
2020-04-21 CVE-2020-11964 Evenroute Insufficiently Protected Credentials vulnerability in Evenroute Iqrouter Firmware 3.3.1

** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily.

5.0
2020-04-20 CVE-2020-9275 Dlink Insufficiently Protected Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B

An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices.

5.0
2020-04-20 CVE-2020-11946 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Opmanager 12.5

Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call.

5.0
2020-04-20 CVE-2020-3946 Vmware Resource Exhaustion vulnerability in VMWare Installbuilder

InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).

5.0
2020-04-21 CVE-2020-5268 Sustainsys Improper Authentication vulnerability in Sustainsys Saml2

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases.

4.9
2020-04-24 CVE-2018-21231 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

4.8
2020-04-24 CVE-2018-21230 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

4.8
2020-04-24 CVE-2017-18702 Netgear Unspecified vulnerability in Netgear R6220 Firmware 1.1.0.46/1.1.0.50

NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings.

4.8
2020-04-24 CVE-2020-5870 F5 Missing Authentication for Critical Function vulnerability in F5 Big-Iq Centralized Management

In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer.

4.8
2020-04-22 CVE-2017-18757 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

4.8
2020-04-22 CVE-2020-11539 Titan Insufficient Verification of Data Authenticity vulnerability in Titan SF Rush Smart Band Firmware 1.12

An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices.

4.8
2020-04-26 CVE-2020-12254 Avira Link Following vulnerability in Avira Antivirus

Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink.

4.6
2020-04-24 CVE-2017-18709 Netgear Unspecified vulnerability in Netgear R8300 Firmware and R8500 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

4.6
2020-04-24 CVE-2019-15793 Linux
Canonical
Incorrect Default Permissions vulnerability in multiple products

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem.

4.6
2020-04-24 CVE-2019-15792 Linux
Canonical
Type Confusion vulnerability in multiple products

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *".

4.6
2020-04-24 CVE-2019-15791 Linux
Canonical
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file.

4.6
2020-04-23 CVE-2019-17101 Netatmo Injection vulnerability in Netatmo Smart Indoor Camera Firmware

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device.

4.6
2020-04-22 CVE-2020-8474 ABB Improper Privilege Management vulnerability in ABB 800Xa Base System 6.0.0

Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction.

4.6
2020-04-22 CVE-2017-18787 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-22 CVE-2017-18786 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-22 CVE-2017-18779 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow.

4.6
2020-04-22 CVE-2017-18776 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

4.6
2020-04-22 CVE-2017-18773 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-22 CVE-2017-18788 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-21 CVE-2017-18801 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18796 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18795 Netgear Injection vulnerability in Netgear D6100 Firmware and D6220 Firmware

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18794 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18793 Netgear Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.

4.6
2020-04-21 CVE-2017-18792 Netgear Injection vulnerability in Netgear D6100 Firmware

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

4.6
2020-04-21 CVE-2017-18805 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18804 Netgear Injection vulnerability in Netgear R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18802 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2017-18808 Netgear Unspecified vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

4.6
2020-04-21 CVE-2017-18806 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-21 CVE-2020-8099 Bitdefender Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location.

4.6
2020-04-20 CVE-2017-18837 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by vertical privilege escalation.

4.6
2020-04-20 CVE-2017-18830 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by vertical privilege escalation.

4.6
2020-04-20 CVE-2017-18829 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by vertical privilege escalation.

4.6
2020-04-20 CVE-2017-18826 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by vertical privilege escalation.

4.6
2020-04-20 CVE-2017-18822 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by vertical privilege escalation.

4.6
2020-04-20 CVE-2017-18849 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-20 CVE-2017-18846 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow.

4.6
2020-04-20 CVE-2017-18841 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection.

4.6
2020-04-20 CVE-2017-18838 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by privilege escalation.

4.6
2020-04-20 CVE-2017-18850 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

4.6
2020-04-20 CVE-2017-18851 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-20 CVE-2020-5569 Toshiba Unquoted Search Path or Element vulnerability in Toshiba Password Tool FOR Windows 1.20.6620

An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10.

4.6
2020-04-21 CVE-2020-8895 Google Uncontrolled Search Path Element vulnerability in Google Earth

Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system.

4.4
2020-04-24 CVE-2020-6213 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs.

4.3
2020-04-24 CVE-2020-12245 Grafana Cross-site Scripting vulnerability in Grafana

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.

4.3
2020-04-24 CVE-2020-6827 Mozilla Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.

4.3
2020-04-24 CVE-2017-18701 Netgear Cross-site Scripting vulnerability in Netgear R6700 Firmware and R6900 Firmware

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-24 CVE-2017-18700 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.3
2020-04-24 CVE-2017-18715 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-24 CVE-2020-12137 GNU
Debian
Cross-site Scripting vulnerability in multiple products

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.

4.3
2020-04-24 CVE-2020-12135 Whoopsie Project
Mongodb
Integer Overflow or Wraparound vulnerability in multiple products

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values.

4.3
2020-04-24 CVE-2020-12132 Fifthplay Cross-site Scripting vulnerability in Fifthplay S.A.M.I

Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request.

4.3
2020-04-24 CVE-2020-12131 App2Pro Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3

The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo).

4.3
2020-04-24 CVE-2020-12130 App2Pro Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3

The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function.

4.3
2020-04-24 CVE-2020-12129 App2Pro Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3

The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function.

4.3
2020-04-23 CVE-2020-12113 Bigbluebutton Cross-site Scripting vulnerability in Bigbluebutton

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

4.3
2020-04-23 CVE-2020-12105 Infradead Improper Input Validation vulnerability in Infradead Openconnect

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

4.3
2020-04-23 CVE-2017-18745 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

4.3
2020-04-23 CVE-2020-1760 Linuxfoundation
Redhat
Fedoraproject
Canonical
Debian
Cross-site Scripting vulnerability in multiple products

A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3.

4.3
2020-04-23 CVE-2020-12054 Catchplugins Cross-site Scripting vulnerability in Catchplugins Catch Breadcrumb

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).

4.3
2020-04-23 CVE-2020-11806 Mailstore Improper Certificate Validation vulnerability in Mailstore Server

In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.

4.3
2020-04-22 CVE-2020-10905 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

4.3
2020-04-22 CVE-2020-10903 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

4.3
2020-04-22 CVE-2020-10901 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

4.3
2020-04-22 CVE-2020-10894 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

4.3
2020-04-22 CVE-2018-18405 Jquery Cross-site Scripting vulnerability in Jquery 2.2.2

** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element.

4.3
2020-04-22 CVE-2017-18784 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by XSS.

4.3
2020-04-22 CVE-2017-18783 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by XSS.

4.3
2020-04-22 CVE-2019-20102 Atlassian Cross-site Scripting vulnerability in Atlassian Confluence

The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site- scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter.

4.3
2020-04-21 CVE-2017-18800 Netgear Cross-site Scripting vulnerability in Netgear R6700 Firmware and R6800 Firmware

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-20 CVE-2020-11944 Bitcoin ABE Project Cross-site Scripting vulnerability in Bitcoin-Abe Project Bitcoin-Abe

Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.

4.3
2020-04-20 CVE-2020-9445 Zulip Cross-site Scripting vulnerability in Zulip Server

Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.

4.3
2020-04-20 CVE-2020-9070 Huawei Information Exposure vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.133(C00E132R5P1)/10.0.0.203(C00E201R7P2)/10.0.0.41(Sp2C00E41R3P2)

Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability.

4.3
2020-04-20 CVE-2020-5286 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file.

4.3
2020-04-20 CVE-2020-5285 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter.

4.3
2020-04-20 CVE-2020-5278 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5

4.3
2020-04-20 CVE-2020-5276 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5

4.3
2020-04-20 CVE-2020-5272 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters.

4.3
2020-04-20 CVE-2020-5271 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5

4.3
2020-04-20 CVE-2020-5269 Prestashop Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter.

4.3
2020-04-20 CVE-2020-5265 Prestashop Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4

In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page.

4.3
2020-04-20 CVE-2020-5264 Prestashop Cross-site Scripting vulnerability in Prestashop

In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page.

4.3
2020-04-20 CVE-2017-18835 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-20 CVE-2017-18834 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-20 CVE-2017-18833 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-20 CVE-2020-11888 Python Markdown2 Project Cross-site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2

python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds.

4.3
2020-04-20 CVE-2020-11930 Gtranslate Cross-site Scripting vulnerability in Gtranslate Translate Wordpress With Gtranslate

The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link.

4.3
2020-04-24 CVE-2020-11013 Helm Information Exposure vulnerability in Helm

Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0.

4.0
2020-04-24 CVE-2020-7134 HP Information Exposure vulnerability in HP HPE IOT + GCP

A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2.

4.0
2020-04-24 CVE-2020-1741 Redhat Incorrect Comparison vulnerability in Redhat Openshift Container Platform 3.11

A flaw was found in openshift-ansible.

4.0
2020-04-24 CVE-2020-4267 IBM Missing Release of Resource after Effective Lifetime vulnerability in IBM MQ and MQ Appliance

IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak.

4.0
2020-04-23 CVE-2018-21166 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

4.0
2020-04-23 CVE-2018-21165 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

4.0
2020-04-23 CVE-2018-21142 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

4.0
2020-04-22 CVE-2020-11649 Gitlab Missing Authentication for Critical Function vulnerability in Gitlab

An issue was discovered in GitLab CE and EE 8.15 through 12.9.2.

4.0
2020-04-22 CVE-2020-4085 Hcltech Information Exposure vulnerability in Hcltech Connections 5.5/6.0/6.5

"HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user."

4.0
2020-04-22 CVE-2020-11938 Jetbrains Information Exposure vulnerability in Jetbrains Teamcity

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project.

4.0
2020-04-22 CVE-2020-11692 Jetbrains Incorrect Default Permissions vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.

4.0
2020-04-22 CVE-2020-11689 Jetbrains Incorrect Default Permissions vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

4.0
2020-04-22 CVE-2020-11686 Jetbrains Information Exposure vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

4.0
2020-04-21 CVE-2019-17525 Dlink Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-615 Firmware 20.10

The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.

4.0

75 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-26 CVE-2019-20789 Croogo Cross-site Scripting vulnerability in Croogo

Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies.

3.5
2020-04-23 CVE-2020-7132 HP Cross-site Scripting vulnerability in HP Onboard Administrator 4.85

A potential security vulnerability has been identified in HPE Onboard Administrator.

3.5
2020-04-23 CVE-2020-12071 Anchorcms Cross-site Scripting vulnerability in Anchorcms Anchor 0.12.7

Anchor 0.12.7 allows admins to cause XSS via crafted post content.

3.5
2020-04-22 CVE-2020-7642 Lazysizes Project Cross-site Scripting vulnerability in Lazysizes Project Lazysizes

lazysizes through 5.2.0 allows execution of malicious JavaScript.

3.5
2020-04-22 CVE-2017-18785 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by XSS.

3.5
2020-04-22 CVE-2020-11416 Jetbrains Cross-site Scripting vulnerability in Jetbrains Space 20200422

JetBrains Space through 2020-04-22 allows stored XSS in Chats.

3.5
2020-04-21 CVE-2020-5301 Simplesamlphp Improper Handling of Case Sensitivity vulnerability in Simplesamlphp

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability.

3.5
2020-04-21 CVE-2017-18809 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18807 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18820 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18816 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18815 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18814 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18813 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18812 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18811 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18810 Netgear Cross-site Scripting vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.

3.5
2020-04-21 CVE-2017-18821 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2020-10935 Zulip Cross-site Scripting vulnerability in Zulip Server

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

3.5
2020-04-20 CVE-2017-18832 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2017-18831 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2017-18828 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2017-18827 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2017-18825 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-20 CVE-2017-18839 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-24 CVE-2018-21229 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-24 CVE-2017-18704 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

3.3
2020-04-24 CVE-2017-18714 Netgear Unspecified vulnerability in Netgear Wndr4500 Firmware

NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service.

3.3
2020-04-24 CVE-2017-18713 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

3.3
2020-04-24 CVE-2017-18712 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

3.3
2020-04-24 CVE-2017-18710 Netgear Information Exposure vulnerability in Netgear R8300 Firmware and R8500 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-04-24 CVE-2017-18706 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-23 CVE-2017-18747 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-23 CVE-2017-18746 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-23 CVE-2017-18741 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-22 CVE-2018-21129 Netgear Information Exposure vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-04-22 CVE-2017-18752 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

3.3
2020-04-22 CVE-2018-21122 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

3.3
2020-04-22 CVE-2017-18766 Netgear Information Exposure vulnerability in Netgear Dst6501 Firmware and Wnr2000 Firmware

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

3.3
2020-04-22 CVE-2017-18765 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

3.3
2020-04-22 CVE-2017-18763 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-21 CVE-2018-21143 Netgear Information Exposure vulnerability in Netgear Gs810Emx Firmware

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

3.3
2020-04-21 CVE-2018-21140 Netgear Improper Input Validation vulnerability in Netgear D3600 Firmware and D6000 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

3.3
2020-04-20 CVE-2020-1803 Huawei Information Exposure vulnerability in Huawei Honor V20 Firmware

Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability.

2.9
2020-04-21 CVE-2018-21141 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

2.7
2020-04-23 CVE-2018-21136 Netgear Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

2.1
2020-04-23 CVE-2020-8798 Juplink Incorrect Default Permissions vulnerability in Juplink Rx4-1500 Firmware 1.0.3

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.

2.1
2020-04-23 CVE-2020-5866 F5 Information Exposure vulnerability in F5 Nginx Controller

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

2.1
2020-04-23 CVE-2020-4353 IBM Improper Input Validation vulnerability in IBM Maas360 3.96.62/6.82

IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings.

2.1
2020-04-23 CVE-2019-4735 IBM Information Exposure vulnerability in IBM Maas360 3.96.62

IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container.

2.1
2020-04-23 CVE-2019-4668 IBM Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user.

2.1
2020-04-22 CVE-2020-8831 Canonical
Apport Project
Link Following vulnerability in multiple products

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory.

2.1
2020-04-22 CVE-2020-1983 Libslirp Project
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

2.1
2020-04-22 CVE-2019-19107 ABB
Busch Jaeger
Insufficiently Protected Credentials vulnerability in multiple products

The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed).

2.1
2020-04-22 CVE-2019-19105 ABB
Busch Jaeger
Insufficiently Protected Credentials vulnerability in multiple products

The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext.

2.1
2020-04-22 CVE-2017-18780 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

2.1
2020-04-22 CVE-2017-18778 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

2.1
2020-04-22 CVE-2017-18777 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by administrative password disclosure.

2.1
2020-04-22 CVE-2017-18769 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

2.1
2020-04-22 CVE-2017-18789 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

2.1
2020-04-21 CVE-2017-18798 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

2.1
2020-04-21 CVE-2017-18797 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

2.1
2020-04-21 CVE-2017-18790 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

2.1
2020-04-21 CVE-2017-18803 Netgear Improper Input Validation vulnerability in Netgear R7800 Firmware 1.0.2.16/1.0.2.28

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

2.1
2020-04-21 CVE-2017-18819 Netgear Unspecified vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.

2.1
2020-04-20 CVE-2017-18836 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

2.1
2020-04-20 CVE-2017-18824 Netgear Path Traversal vulnerability in Netgear products

Certain NETGEAR devices are affected by directory traversal.

2.1
2020-04-20 CVE-2017-18823 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

2.1
2020-04-20 CVE-2017-18847 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.

2.1
2020-04-20 CVE-2017-18845 Netgear Insufficiently Protected Credentials vulnerability in Netgear R6700 Firmware and R6800 Firmware

Certain NETGEAR devices are affected by disclosure of administrative credentials.

2.1
2020-04-20 CVE-2017-18844 Netgear Insufficiently Protected Credentials vulnerability in Netgear D7000 Firmware, R6700 Firmware and R6800 Firmware

Certain NETGEAR devices are affected by disclosure of administrative credentials.

2.1
2020-04-20 CVE-2017-18843 Netgear Insufficiently Protected Credentials vulnerability in Netgear D7000 Firmware, R6700 Firmware and R6800 Firmware

Certain NETGEAR devices are affected by disclosure of administrative credentials.

2.1
2020-04-20 CVE-2017-18840 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

2.1
2020-04-24 CVE-2020-6824 Mozilla Session Fixation vulnerability in Mozilla Firefox

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open.

1.9
2020-04-22 CVE-2020-8833 Canonical
Apport Project
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity.

1.9