CVE List - 2020 / April
Showing 1701 - 1800 of 2186 CVEs for April 2020 (Page 18 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12074 | 2020-04-23 | The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. |
| CVE-2020-12073 | 2020-04-23 | The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. |
| CVE-2020-12077 | 2020-04-23 | The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. |
| CVE-2020-12079 | 2020-04-23 | Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution... |
| CVE-2020-5571 | 2020-04-23 | SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number... |
| CVE-2019-8359 | 2020-04-23 | An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face... |
| CVE-2019-9183 | 2020-04-23 | An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of... |
| CVE-2020-12054 | 2020-04-23 | The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the... |
| CVE-2020-11806 | 2020-04-23 | In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. |
| CVE-2019-4668 | 2020-04-23 | IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain clear text, which can be read by a local user. IBM X-Force ID: 171250. |
| CVE-2019-4735 | 2020-04-23 | IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. IBM X-Force ID: 172705. |
| CVE-2020-4202 | 2020-04-23 | IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID:... |
| CVE-2020-4311 | 2020-04-23 | IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load... |
| CVE-2020-4353 | 2020-04-23 | IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM... |
| CVE-2020-4415 | 2020-04-23 | IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on... |
| CVE-2020-7643 | 2020-04-23 | paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. |
| CVE-2020-11945 | 2020-04-23 | An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because... |
| CVE-2020-11939 | 2020-04-23 | In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular... |
| CVE-2020-11940 | 2020-04-23 | In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment... |
| CVE-2017-18751 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before... |
| CVE-2017-18750 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
| CVE-2017-18749 | 2020-04-23 | Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112,... |
| CVE-2017-18748 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before... |
| CVE-2017-18747 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before... |
| CVE-2017-18746 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before... |
| CVE-2017-18745 | 2020-04-23 | Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before... |
| CVE-2017-18744 | 2020-04-23 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4,... |
| CVE-2017-18743 | 2020-04-23 | Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before... |
| CVE-2017-18742 | 2020-04-23 | Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54,... |
| CVE-2017-18741 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before... |
| CVE-2017-18740 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before... |
| CVE-2017-18739 | 2020-04-23 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48. |
| CVE-2017-18738 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before... |
| CVE-2017-18737 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220... |
| CVE-2017-18736 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2... |
| CVE-2017-18735 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and... |
| CVE-2020-12105 | 2020-04-23 | OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. |
| CVE-2017-18734 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220... |
| CVE-2017-18733 | 2020-04-23 | Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before... |
| CVE-2017-18732 | 2020-04-23 | Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. |
| CVE-2020-7132 | 2020-04-23 | A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates... |
| CVE-2020-12113 | 2020-04-23 | BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. |
| CVE-2020-12112 | 2020-04-23 | BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. |
| CVE-2020-8797 | 2020-04-23 | Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled... |
| CVE-2020-8798 | 2020-04-23 | httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. |
| CVE-2019-20788 | 2020-04-23 | libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. |
| CVE-2018-21101 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2020-5865 | 2020-04-23 | In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM)... |
| CVE-2018-21102 | 2020-04-23 | NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. |
| CVE-2018-21103 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2020-5864 | 2020-04-23 | In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skips TLS verification by default. |
| CVE-2018-21104 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2019-17101 | 2020-04-23 | Command execution due to unsanitized input in Netatmo Smart Indoor Security Camera |
| CVE-2020-5866 | 2020-04-23 | In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. |
| CVE-2018-21105 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21106 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21107 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21108 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21109 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21110 | 2020-04-23 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. |
| CVE-2018-21131 | 2020-04-23 | Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. |
| CVE-2018-21132 | 2020-04-23 | Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. |
| CVE-2018-21133 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. |
| CVE-2020-5867 | 2020-04-23 | In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages |
| CVE-2018-21134 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before... |
| CVE-2018-21135 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700 before 1.0.1.48, R7500 before 1.0.0.124, R7800 before 1.0.2.58, R8900 before 1.0.4.2, R9000 before... |
| CVE-2018-21136 | 2020-04-23 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. |
| CVE-2018-21137 | 2020-04-23 | Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. |
| CVE-2018-21138 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. |
| CVE-2018-21139 | 2020-04-23 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82,... |
| CVE-2018-21142 | 2020-04-23 | Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300... |
| CVE-2018-21161 | 2020-04-23 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16. |
| CVE-2018-21162 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400... |
| CVE-2018-21163 | 2020-04-23 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before... |
| CVE-2018-21164 | 2020-04-23 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.64 and WNDR3700v5 before 1.1.0.54. |
| CVE-2018-21165 | 2020-04-23 | Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300... |
| CVE-2020-12118 | 2020-04-23 | The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from... |
| CVE-2018-21160 | 2020-04-23 | NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. |
| CVE-2018-21166 | 2020-04-23 | Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300... |
| CVE-2020-11012 | 2020-04-23 | Authentication bypass MinIO Admin API |
| CVE-2020-12128 | 2020-04-23 | DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. |
| CVE-2020-12131 | 2020-04-23 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). |
| CVE-2020-12130 | 2020-04-23 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. |
| CVE-2020-12129 | 2020-04-23 | The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. |
| CVE-2020-12132 | 2020-04-23 | Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. |
| CVE-2019-15791 | 2020-04-23 | Reference count underflow in shiftfs |
| CVE-2019-15792 | 2020-04-23 | Type confusion in shiftfs |
| CVE-2019-15793 | 2020-04-23 | Mishandling of file-system uid/gid with namespaces in shiftfs |
| CVE-2019-15794 | 2020-04-23 | Reference counting error in overlayfs/shiftfs error path when used in conjunction with aufs |
| CVE-2020-12134 | 2020-04-24 | Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. |
| CVE-2020-12135 | 2020-04-24 | bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed... |
| CVE-2020-12063 | 2020-04-24 | A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the... |
| CVE-2020-12137 | 2020-04-24 | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an... |
| CVE-2017-18731 | 2020-04-24 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58. |
| CVE-2017-18730 | 2020-04-24 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before... |
| CVE-2020-5868 | 2020-04-24 | In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user... |
| CVE-2017-18729 | 2020-04-24 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before... |
| CVE-2017-18728 | 2020-04-24 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
| CVE-2017-18727 | 2020-04-24 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
| CVE-2020-5869 | 2020-04-24 | In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read / modify confidential data in transit. |