CVE List - 2020 / April
Showing 2001 - 2100 of 2186 CVEs for April 2020 (Page 21 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-21215 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24,... |
| CVE-2018-21216 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20. |
| CVE-2018-21217 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20. |
| CVE-2018-21218 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20,... |
| CVE-2018-21219 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20,... |
| CVE-2018-21220 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20,... |
| CVE-2017-18861 | 2020-04-28 | Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. |
| CVE-2017-18862 | 2020-04-28 | Certain NETGEAR devices are affected by authentication bypass. This affects JGS516PE before 2017-05-11, JGS524Ev2 before 2017-05-11, JGS524PE before 2017-05-11, GS105Ev2 before 2017-05-11, GS105PE before 2017-05-11, GS108Ev3 before 2017-05-11, GS108PEv3 before... |
| CVE-2017-18863 | 2020-04-28 | Certain NETGEAR devices are affected by command execution via a PHP form. This affects WN604 3.3.3 and earlier, WNAP210v2 3.5.20.0 and earlier, WNAP320 3.5.20.0 and earlier, WNDAP350 3.5.20.0 and earlier,... |
| CVE-2016-11054 | 2020-04-28 | NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. |
| CVE-2016-11055 | 2020-04-28 | Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11,... |
| CVE-2016-11056 | 2020-04-28 | Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. |
| CVE-2016-11057 | 2020-04-28 | Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before... |
| CVE-2016-11058 | 2020-04-28 | The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. |
| CVE-2016-11060 | 2020-04-28 | Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10. |
| CVE-2016-11059 | 2020-04-28 | Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before... |
| CVE-2018-21221 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52. |
| CVE-2018-21222 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118,... |
| CVE-2018-21223 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118,... |
| CVE-2018-21224 | 2020-04-28 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118,... |
| CVE-2018-21225 | 2020-04-28 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800... |
| CVE-2018-21226 | 2020-04-28 | Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48. |
| CVE-2017-18857 | 2020-04-28 | The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. |
| CVE-2017-18858 | 2020-04-28 | Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier,... |
| CVE-2017-18859 | 2020-04-28 | Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30. |
| CVE-2019-20791 | 2020-04-28 | OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc. |
| CVE-2020-12243 | 2020-04-28 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
| CVE-2020-9482 | 2020-04-28 | If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but... |
| CVE-2020-10641 | 2020-04-28 | An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space... |
| CVE-2020-7644 | 2020-04-28 | fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. |
| CVE-2020-12429 | 2020-04-28 | Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php,... |
| CVE-2019-15877 | 2020-04-28 | In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges allowing unprivileged... |
| CVE-2019-15876 | 2020-04-28 | In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver specific ioctl command handlers in the oce network driver failed to check whether the... |
| CVE-2020-7451 | 2020-04-28 | In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does... |
| CVE-2020-11014 | 2020-04-28 | BIP LI01 output reordering may cause malformed SLP MINT transactions in Electron-Cash-SLP |
| CVE-2020-12438 | 2020-04-28 | An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A... |
| CVE-2020-10663 | 2020-04-28 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite... |
| CVE-2020-12102 | 2020-04-28 | In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem... |
| CVE-2020-12103 | 2020-04-28 | In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside... |
| CVE-2020-12261 | 2020-04-28 | Open-AudIT 3.3.0 allows an XSS attack after login. |
| CVE-2020-12442 | 2020-04-28 | Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. |
| CVE-2020-7453 | 2020-04-28 | In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes... |
| CVE-2020-7452 | 2020-04-28 | In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed... |
| CVE-2019-15874 | 2020-04-28 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading... |
| CVE-2019-5614 | 2020-04-28 | In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic... |
| CVE-2020-8472 | 2020-04-28 | ABB System 800xA Weak File Permissions - different products |
| CVE-2020-8473 | 2020-04-28 | ABB System 800xA Weak File Permissions - ABB System 800xA Base |
| CVE-2020-11022 | 2020-04-29 | Potential XSS vulnerability in jQuery |
| CVE-2020-8475 | 2020-04-29 | ABB Central Licensing System - Denial of Service Vulnerability |
| CVE-2020-8476 | 2020-04-29 | ABB Central Licensing System - Elevation of Privilege Vulnerability |
| CVE-2020-8479 | 2020-04-29 | ABB Central Licensing System - XML External Entity Injection |
| CVE-2020-11023 | 2020-04-29 | Potential XSS vulnerability in jQuery |
| CVE-2020-8471 | 2020-04-29 | ABB Central Licensing System - Weak File Permissions |
| CVE-2020-8481 | 2020-04-29 | ABB Central Licensing System - Information disclosure |
| CVE-2020-12443 | 2020-04-29 | BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence.... |
| CVE-2020-8478 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability |
| CVE-2020-8484 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - 800xA for DCI |
| CVE-2020-8485 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300 |
| CVE-2020-8486 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - 800xA RNRP |
| CVE-2020-8487 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - System 800xA Base |
| CVE-2020-8488 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - 800xA Batch Management |
| CVE-2020-8489 | 2020-04-29 | ABB System 800xA Inter process communication vulnerability - 800xA Information Management |
| CVE-2019-19101 | 2020-04-29 | Incomplete communication encryption and validation in B&R Automation Studio upgrade service |
| CVE-2019-19102 | 2020-04-29 | Zip Slip vulnerability in 3rd-Party library in B&R Automation Studio upgrade service |
| CVE-2019-19100 | 2020-04-29 | Privilege escalation via B&R Automation Studio upgrade service |
| CVE-2020-3955 | 2020-04-29 | ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue... |
| CVE-2020-12447 | 2020-04-29 | A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading... |
| CVE-2019-20792 | 2020-04-29 | OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check. |
| CVE-2020-11884 | 2020-04-29 | In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails... |
| CVE-2020-12246 | 2020-04-29 | Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. |
| CVE-2019-16652 | 2020-04-29 | The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. |
| CVE-2019-7634 | 2020-04-29 | SUAP V2 allows XSS during the update of user information. |
| CVE-2019-16653 | 2020-04-29 | An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. |
| CVE-2020-12251 | 2020-04-29 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve... |
| CVE-2020-12252 | 2020-04-29 | An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory,... |
| CVE-2019-20781 | 2020-04-29 | An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. |
| CVE-2017-18853 | 2020-04-29 | Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2... |
| CVE-2017-18854 | 2020-04-29 | NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. |
| CVE-2017-18855 | 2020-04-29 | NETGEAR WNR854T devices before 1.5.2 are affected by command execution. |
| CVE-2020-11446 | 2020-04-29 | ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to... |
| CVE-2020-10797 | 2020-04-29 | An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable... |
| CVE-2018-21232 | 2020-04-29 | re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. |
| CVE-2017-18860 | 2020-04-29 | Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and... |
| CVE-2017-18856 | 2020-04-29 | NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection. |
| CVE-2019-4286 | 2020-04-29 | IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. |
| CVE-2019-4288 | 2020-04-29 | IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160631. |
| CVE-2020-11674 | 2020-04-29 | Cerner medico 26.00 allows variable reuse, possibly causing data corruption. |
| CVE-2020-11675 | 2020-04-29 | Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). |
| CVE-2020-11676 | 2020-04-29 | Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). |
| CVE-2020-12446 | 2020-04-29 | The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from... |
| CVE-2020-11677 | 2020-04-29 | Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). |
| CVE-2020-8774 | 2020-04-29 | Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. |
| CVE-2020-8773 | 2020-04-29 | The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. |
| CVE-2020-2575 | 2020-04-29 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to... |
| CVE-2020-7804 | 2020-04-29 | ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method. |
| CVE-2019-19165 | 2020-04-29 | AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity... |
| CVE-2020-8775 | 2020-04-29 | Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. |
| CVE-2020-12459 | 2020-04-29 | In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. |
| CVE-2020-12458 | 2020-04-29 | An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext... |
| CVE-2020-12461 | 2020-04-29 | PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the... |