Total: 46623 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19390 | 1 Matrix42 | 1 Workspace Management | 2020-04-22 | 3.5 LOW | 5.4 MEDIUM |
| The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues. | |||||
| CVE-2019-14075 | 1 Qualcomm | 44 Mdm9607, Mdm9607 Firmware, Msm8917 and 41 more | 2020-04-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2018-17794 | 1 Gnu | 1 Binutils | 2020-04-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function. | |||||
| CVE-2018-18700 | 1 Gnu | 1 Binutils | 2020-04-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions d_name(), d_encoding(), and d_local_name() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | |||||
| CVE-2018-18701 | 1 Gnu | 1 Binutils | 2020-04-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm. | |||||
| CVE-2018-9138 | 1 Gnu | 1 Binutils | 2020-04-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_nested_args, demangle_args, do_arg, and do_type. | |||||
| CVE-2016-5434 | 1 Pacman Project | 1 Pacman | 2020-04-21 | 7.1 HIGH | 5.5 MEDIUM |
| libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | |||||
| CVE-2019-20746 | 1 Netgear | 40 D3600, D3600 Firmware, D6000 and 37 more | 2020-04-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. | |||||
| CVE-2019-20751 | 1 Netgear | 32 D6100, D6100 Firmware, Dm200 and 29 more | 2020-04-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200 before 1.0.0.61, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.26, R9000 before 1.0.4.26, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.66, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68. | |||||
| CVE-2020-0935 | 1 Microsoft | 1 Onedrive | 2020-04-21 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-7552 | 1 Investment Mlm Software Project | 1 Investment Mlm Software | 2020-04-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile Section. This is due to lack of sanitization in the Edit Name section. | |||||
| CVE-2020-1049 | 1 Microsoft | 1 Dynamics 365 Server | 2020-04-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1050. | |||||
| CVE-2020-7084 | 1 Autodesk | 1 Fbx Software Development Kit | 2020-04-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. | |||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 3.6 LOW | 4.4 MEDIUM |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | |||||
| CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | |||||
| CVE-2020-7276 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | |||||
| CVE-2020-7275 | 1 Mcafee | 1 Endpoint Security | 2020-04-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | |||||
| CVE-2019-20756 | 1 Netgear | 36 Ex3700, Ex3700 Firmware, Ex3800 and 33 more | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52. | |||||
| CVE-2019-20750 | 1 Netgear | 20 D7800, D7800 Firmware, Ex6100 and 17 more | 2020-04-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. | |||||
| CVE-2019-20748 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2020-04-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32. | |||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | |||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | |||||
| CVE-2019-20693 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | |||||
| CVE-2019-4749 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2020-04-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | |||||
| CVE-2019-4644 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. | |||||
| CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | |||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | |||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11823 | 1 Dolibarr | 1 Dolibarr | 2020-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. | |||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | |||||
| CVE-2019-20725 | 1 Netgear | 22 D3600, D3600 Firmware, D6000 and 19 more | 2020-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20715 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32. | |||||
| CVE-2019-20673 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20669 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20667 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20668 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20675 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2020-11787 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-11786 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2019-20742 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | |||||
| CVE-2019-20662 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20743 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | |||||
| CVE-2019-20661 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20663 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20759 | 1 Netgear | 2 R9000, R9000 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. | |||||
| CVE-2020-11791 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2020-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. | |||||
| CVE-2019-20671 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
