CVE List - 2020 / April
Showing 1101 - 1200 of 2186 CVEs for April 2020 (Page 12 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-11789 | 2020-04-15 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. |
| CVE-2020-11790 | 2020-04-15 | NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. |
| CVE-2020-11791 | 2020-04-15 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. |
| CVE-2020-11792 | 2020-04-15 | NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. |
| CVE-2019-20638 | 2020-04-15 | NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. |
| CVE-2019-20639 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20640 | 2020-04-15 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before... |
| CVE-2019-20641 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. |
| CVE-2019-20642 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. |
| CVE-2019-20643 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. |
| CVE-2020-3954 | 2020-04-15 | Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation. |
| CVE-2019-20644 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. |
| CVE-2019-20645 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. |
| CVE-2020-3953 | 2020-04-15 | Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation. |
| CVE-2019-20646 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. |
| CVE-2019-20647 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. |
| CVE-2019-20648 | 2020-04-15 | NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. |
| CVE-2019-20649 | 2020-04-15 | NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. |
| CVE-2019-20650 | 2020-04-15 | Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. |
| CVE-2020-5346 | 2020-04-15 | RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could... |
| CVE-2020-5350 | 2020-04-15 | Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could... |
| CVE-2020-11799 | 2020-04-15 | Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system... |
| CVE-2020-10615 | 2020-04-15 | Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied... |
| CVE-2020-10613 | 2020-04-15 | Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can... |
| CVE-2019-12524 | 2020-04-15 | An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with... |
| CVE-2020-10611 | 2020-04-15 | Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can... |
| CVE-2019-20651 | 2020-04-15 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. |
| CVE-2019-20652 | 2020-04-15 | NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. |
| CVE-2019-20653 | 2020-04-15 | Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. |
| CVE-2019-20654 | 2020-04-15 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. |
| CVE-2019-20655 | 2020-04-15 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. |
| CVE-2019-20656 | 2020-04-15 | Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150... |
| CVE-2019-20657 | 2020-04-15 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42,... |
| CVE-2020-6996 | 2020-04-15 | Triangle MicroWorks DNP3 Outstation Libraries: DNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected: 3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer... |
| CVE-2019-20658 | 2020-04-15 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4,... |
| CVE-2019-12521 | 2020-04-15 | An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements.... |
| CVE-2019-20659 | 2020-04-15 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. |
| CVE-2019-20660 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20661 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20662 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-12522 | 2020-04-15 | An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is... |
| CVE-2019-20663 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20664 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2020-11664 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2020-11665 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2019-20665 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2020-11666 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. |
| CVE-2019-20666 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20667 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20668 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20669 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20670 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2020-11661 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. |
| CVE-2020-11662 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. |
| CVE-2020-11663 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. |
| CVE-2019-20671 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20672 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20673 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20674 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20675 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-20676 | 2020-04-15 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before... |
| CVE-2019-12520 | 2020-04-15 | An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this... |
| CVE-2019-20677 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. |
| CVE-2019-12519 | 2020-04-15 | An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the... |
| CVE-2020-10951 | 2020-04-15 | Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. |
| CVE-2019-20678 | 2020-04-15 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before... |
| CVE-2019-20679 | 2020-04-15 | NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level. |
| CVE-2019-20680 | 2020-04-15 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800... |
| CVE-2019-20681 | 2020-04-15 | Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before... |
| CVE-2020-3161 | 2020-04-15 | Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability |
| CVE-2020-3162 | 2020-04-15 | Cisco IoT Field Network Director Denial of Service Vulnerability |
| CVE-2020-3177 | 2020-04-15 | Cisco Unified Communications Manager Path Traversal Vulnerability |
| CVE-2020-3194 | 2020-04-15 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability |
| CVE-2020-3239 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3240 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3243 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3247 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3248 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3249 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3250 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3251 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3252 | 2020-04-15 | Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data |
| CVE-2020-3260 | 2020-04-15 | Cisco Aironet Series Access Points Client Packet Processing Denial of Service Vulnerability |
| CVE-2020-3261 | 2020-04-15 | Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability |
| CVE-2020-3262 | 2020-04-15 | Cisco Wireless LAN Controller CAPWAP Denial of Service Vulnerability |
| CVE-2020-3273 | 2020-04-15 | Cisco Wireless LAN Controller 802.11 Generic Advertisement Service Denial of Service Vulnerability |
| CVE-2020-9280 | 2020-04-15 | In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload... |
| CVE-2020-1632 | 2020-04-15 | Junos OS and Junos OS Evolved: Invalid BGP UPDATE sent to peer device may cause BGP session to terminate. |
| CVE-2020-11658 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. |
| CVE-2020-11659 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. |
| CVE-2020-11660 | 2020-04-15 | CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. |
| CVE-2020-5721 | 2020-04-15 | MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password... |
| CVE-2020-7483 | 2020-04-15 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated... |
| CVE-2020-7484 | 2020-04-15 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated... |
| CVE-2020-7485 | 2020-04-15 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. This was addressed in... |
| CVE-2020-7486 | 2020-04-15 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and... |
| CVE-2019-10483 | 2020-04-16 | Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-10523 | 2020-04-16 | Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon... |
| CVE-2019-10547 | 2020-04-16 | When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-10551 | 2020-04-16 | String error while processing non-standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |