CVE List - 2020 / April
Showing 1 - 100 of 2186 CVEs for April 2020 (Page 1 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-7064 | 2020-04-01 | Use-of-uninitialized-value in exif |
| CVE-2020-7065 | 2020-04-01 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full |
| CVE-2020-7066 | 2020-04-01 | get_headers() silently truncates after a null byte |
| CVE-2020-11445 | 2020-04-01 | TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. |
| CVE-2020-7263 | 2020-04-01 | ENS configuration can be edited by attacker with local administrator permissions |
| CVE-2020-5548 | 2020-04-01 | Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200... |
| CVE-2020-5392 | 2020-04-01 | A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page. |
| CVE-2020-6753 | 2020-04-01 | The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392. |
| CVE-2020-5391 | 2020-04-01 | Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field. |
| CVE-2020-7947 | 2020-04-01 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue... |
| CVE-2020-7948 | 2020-04-01 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform an insecure direct object reference. |
| CVE-2020-10231 | 2020-04-01 | TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. |
| CVE-2020-11449 | 2020-04-01 | An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf. |
| CVE-2020-11457 | 2020-04-01 | pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. |
| CVE-2020-11456 | 2020-04-01 | LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). |
| CVE-2020-11455 | 2020-04-01 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. |
| CVE-2019-3942 | 2020-04-01 | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. |
| CVE-2019-3945 | 2020-04-01 | Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length. |
| CVE-2019-3944 | 2020-04-01 | Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. |
| CVE-2018-11106 | 2020-04-01 | NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior... |
| CVE-2020-10860 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe). |
| CVE-2020-10861 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from... |
| CVE-2020-10862 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE)... |
| CVE-2020-10863 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC... |
| CVE-2020-10864 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC... |
| CVE-2020-10865 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to make arbitrary changes to the... |
| CVE-2020-10866 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to enumerate the network interfaces and... |
| CVE-2020-10867 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on... |
| CVE-2020-10868 | 2020-04-01 | An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC... |
| CVE-2020-3881 | 2020-04-01 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. |
| CVE-2020-3884 | 2020-04-01 | An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution. |
| CVE-2020-3889 | 2020-04-01 | A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files. |
| CVE-2020-3883 | 2020-04-01 | This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to... |
| CVE-2020-3888 | 2020-04-01 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts. |
| CVE-2020-3890 | 2020-04-01 | The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion. |
| CVE-2020-3887 | 2020-04-01 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,... |
| CVE-2020-3885 | 2020-04-01 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,... |
| CVE-2020-3891 | 2020-04-01 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS... |
| CVE-2020-3893 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel... |
| CVE-2020-3892 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel... |
| CVE-2020-3897 | 2020-04-01 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5,... |
| CVE-2020-3894 | 2020-04-01 | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3,... |
| CVE-2020-3899 | 2020-04-01 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5,... |
| CVE-2020-3895 | 2020-04-01 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5,... |
| CVE-2020-3900 | 2020-04-01 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5,... |
| CVE-2020-3903 | 2020-04-01 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. |
| CVE-2020-3901 | 2020-04-01 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5,... |
| CVE-2020-3906 | 2020-04-01 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.4. A maliciously crafted application may be able to bypass code signing enforcement. |
| CVE-2020-3902 | 2020-04-01 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for... |
| CVE-2020-3904 | 2020-04-01 | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel... |
| CVE-2020-3907 | 2020-04-01 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read... |
| CVE-2020-3905 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel... |
| CVE-2020-3908 | 2020-04-01 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read... |
| CVE-2020-3909 | 2020-04-01 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5,... |
| CVE-2020-3912 | 2020-04-01 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to cause unexpected system termination or read... |
| CVE-2020-3913 | 2020-04-01 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application... |
| CVE-2020-3916 | 2020-04-01 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo... |
| CVE-2020-3911 | 2020-04-01 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5,... |
| CVE-2020-3914 | 2020-04-01 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may... |
| CVE-2020-3917 | 2020-04-01 | This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an... |
| CVE-2020-3910 | 2020-04-01 | A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5,... |
| CVE-2020-3919 | 2020-04-01 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application... |
| CVE-2020-9769 | 2020-04-01 | Multiple issues were addressed by updating to version 8.1.1850. This issue is fixed in macOS Catalina 10.15.4. Multiple issues in Vim. |
| CVE-2020-9768 | 2020-04-01 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able... |
| CVE-2020-9776 | 2020-04-01 | This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to access a user's call history. |
| CVE-2020-9775 | 2020-04-01 | An issue existed in the handling of tabs displaying picture in picture video. The issue was corrected with improved state handling. This issue is fixed in iOS 13.4 and iPadOS... |
| CVE-2020-9777 | 2020-04-01 | An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4... |
| CVE-2020-9770 | 2020-04-01 | A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4. An attacker in a privileged network position may be able to... |
| CVE-2020-9773 | 2020-04-01 | The issue was addressed with improved handling of icon caches. This issue is fixed in iOS 14.0 and iPadOS 14.0. A malicious application may be able to identify what other... |
| CVE-2020-9781 | 2020-04-01 | The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site... |
| CVE-2020-9784 | 2020-04-01 | A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings. |
| CVE-2020-9780 | 2020-04-01 | The issue was resolved by clearing application previews when content is deleted. This issue is fixed in iOS 13.4 and iPadOS 13.4. A local user may be able to view... |
| CVE-2020-9783 | 2020-04-01 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud... |
| CVE-2020-9785 | 2020-04-01 | Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A malicious application... |
| CVE-2020-10203 | 2020-04-01 | Sonatype Nexus Repository before 3.21.2 allows XSS. |
| CVE-2020-3850 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or... |
| CVE-2020-3848 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or... |
| CVE-2020-3849 | 2020-04-01 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or... |
| CVE-2020-3847 | 2020-04-01 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. |
| CVE-2020-1943 | 2020-04-01 | Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. |
| CVE-2020-10204 | 2020-04-01 | Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. |
| CVE-2020-1949 | 2020-04-01 | Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. |
| CVE-2020-10199 | 2020-04-01 | Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). |
| CVE-2020-1934 | 2020-04-01 | In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. |
| CVE-2020-5290 | 2020-04-01 | session fixation in rCTF |
| CVE-2020-1954 | 2020-04-01 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then... |
| CVE-2020-10948 | 2020-04-01 | Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit... |
| CVE-2020-8966 | 2020-04-01 | Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software |
| CVE-2019-9163 | 2020-04-01 | The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects. |
| CVE-2019-11254 | 2020-04-01 | Kubernetes API Server denial of service vulnerability from malicious YAML payloads |
| CVE-2020-11467 | 2020-04-01 | An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While... |
| CVE-2020-11466 | 2020-04-01 | An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored... |
| CVE-2020-11465 | 2020-04-01 | An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations,... |
| CVE-2020-11464 | 2020-04-01 | An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on... |
| CVE-2020-11463 | 2020-04-01 | An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts,... |
| CVE-2020-10598 | 2020-04-01 | In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices. Specially... |
| CVE-2020-6009 | 2020-04-01 | LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. |
| CVE-2018-11802 | 2020-04-01 | In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for... |
| CVE-2019-17564 | 2020-04-01 | Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider... |
| CVE-2020-1958 | 2020-04-01 | When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a... |