CVE List - 2020 / April
Showing 1301 - 1400 of 2186 CVEs for April 2020 (Page 14 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-11814 | 2020-04-16 | A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. |
| CVE-2020-11816 | 2020-04-16 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. |
| CVE-2019-18948 | 2020-04-16 | An issue was found in Arista EOS. Specific malformed ARP packets can impact the software forwarding of VxLAN packets. This issue is found in Arista’s EOS VxLAN code, which can... |
| CVE-2020-11815 | 2020-04-16 | In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the... |
| CVE-2019-20722 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000... |
| CVE-2019-20723 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before... |
| CVE-2020-11818 | 2020-04-16 | In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password... |
| CVE-2020-7224 | 2020-04-16 | The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries... |
| CVE-2020-11820 | 2020-04-16 | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. |
| CVE-2020-11819 | 2020-04-16 | In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. |
| CVE-2019-19394 | 2020-04-16 | Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. |
| CVE-2020-11007 | 2020-04-16 | Negative charge in shopping cart possible in Shopizer |
| CVE-2020-11823 | 2020-04-16 | In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. |
| CVE-2020-11826 | 2020-04-16 | Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database... |
| CVE-2019-11999 | 2020-04-16 | Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to... |
| CVE-2019-20724 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800... |
| CVE-2019-20725 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before... |
| CVE-2019-20726 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000... |
| CVE-2020-11825 | 2020-04-16 | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session.... |
| CVE-2019-20727 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1... |
| CVE-2019-20728 | 2020-04-16 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102,... |
| CVE-2019-20729 | 2020-04-16 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before... |
| CVE-2019-20730 | 2020-04-16 | Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28, D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7000v2 before... |
| CVE-2019-20731 | 2020-04-16 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70,... |
| CVE-2019-20732 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.40, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, EX3700... |
| CVE-2019-20733 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before... |
| CVE-2019-20734 | 2020-04-16 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30,... |
| CVE-2019-20735 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before V1.0.0.75, D6100 before V1.0.0.63, R7800 before v1.0.2.52, R8900 before... |
| CVE-2019-20736 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before... |
| CVE-2019-20737 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before... |
| CVE-2019-20738 | 2020-04-16 | Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before... |
| CVE-2019-20739 | 2020-04-16 | NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker. |
| CVE-2019-20740 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500... |
| CVE-2019-20741 | 2020-04-16 | NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. |
| CVE-2019-20742 | 2020-04-16 | NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. |
| CVE-2019-20743 | 2020-04-16 | NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. |
| CVE-2019-20744 | 2020-04-16 | NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. |
| CVE-2019-20745 | 2020-04-16 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2. |
| CVE-2019-20746 | 2020-04-16 | Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before... |
| CVE-2019-20747 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.40, R7500v2 before 1.0.3.34, R7800 before 1.0.2.52, R8900 before... |
| CVE-2019-20748 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before... |
| CVE-2019-20749 | 2020-04-16 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before... |
| CVE-2019-20750 | 2020-04-16 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before... |
| CVE-2019-20751 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before... |
| CVE-2019-20752 | 2020-04-16 | Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before... |
| CVE-2019-20753 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before... |
| CVE-2019-20754 | 2020-04-16 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects DGN2200 before 1.0.0.58, DGN2200B before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.80,... |
| CVE-2019-20755 | 2020-04-16 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before... |
| CVE-2019-20756 | 2020-04-16 | Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before... |
| CVE-2019-20757 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. |
| CVE-2019-20758 | 2020-04-16 | NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. |
| CVE-2019-20759 | 2020-04-16 | NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. |
| CVE-2019-20760 | 2020-04-16 | NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. |
| CVE-2019-20761 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. |
| CVE-2019-20762 | 2020-04-16 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68,... |
| CVE-2019-20763 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2019-20764 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2020-5294 | 2020-04-16 | Reflected XSS with social networks fields |
| CVE-2020-5273 | 2020-04-16 | Stored XSS with custom URLs in PrestaShop module ps_linklist |
| CVE-2020-5266 | 2020-04-16 | Stored XSS on back office edit page |
| CVE-2019-20765 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2019-20766 | 2020-04-16 | NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. |
| CVE-2019-7306 | 2020-04-17 | Byobu apport hook uploads user's ~/.screenrc |
| CVE-2020-11868 | 2020-04-17 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions... |
| CVE-2020-11872 | 2020-04-17 | The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. |
| CVE-2020-10211 | 2020-04-17 | A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of... |
| CVE-2020-10377 | 2020-04-17 | A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to... |
| CVE-2020-10813 | 2020-04-17 | A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. |
| CVE-2020-10947 | 2020-04-17 | Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. |
| CVE-2020-11793 | 2020-04-17 | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of... |
| CVE-2019-20771 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The... |
| CVE-2020-11873 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker... |
| CVE-2020-11874 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March... |
| CVE-2019-4446 | 2020-04-17 | IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490. |
| CVE-2019-4644 | 2020-04-17 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-4749 | 2020-04-17 | IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2020-4277 | 2020-04-17 | IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993. |
| CVE-2020-11875 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an... |
| CVE-2019-20769 | 2020-04-17 | An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in... |
| CVE-2019-20770 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is... |
| CVE-2019-20772 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007... |
| CVE-2019-20773 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The... |
| CVE-2019-20774 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A system service allows local retrieval of the user's password. The... |
| CVE-2019-20775 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. Weak encryption leads to local information disclosure. The LG ID... |
| CVE-2019-20776 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID... |
| CVE-2019-20777 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG... |
| CVE-2019-20778 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their... |
| CVE-2019-20779 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. A TrustZone trusted application can crash via crafted input. The LG... |
| CVE-2019-20780 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Certain security settings, related to whether packages are verified and accepted only... |
| CVE-2019-20782 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. LG Advanced Flash (LAF) has a buffer overflow. The LG ID is... |
| CVE-2019-20783 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA... |
| CVE-2019-20784 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The... |
| CVE-2019-20785 | 2020-04-17 | An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG... |
| CVE-2019-12001 | 2020-04-17 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA... |
| CVE-2019-12002 | 2020-04-17 | A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA... |
| CVE-2020-9523 | 2020-04-17 | Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could... |
| CVE-2020-11877 | 2020-04-17 | airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable... |
| CVE-2020-11876 | 2020-04-17 | airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only... |
| CVE-2020-11878 | 2020-04-17 | The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. |
| CVE-2020-11880 | 2020-04-17 | An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files... |