Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20750 | 1 Netgear | 20 D7800, D7800 Firmware, Ex6100 and 17 more | 2020-04-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.47, EX6150v2 before 1.0.1.76, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WN2000RPTv3 before 1.0.1.32, WN3000RPv3 before 1.0.2.70, and WN3100RPv2 before 1.0.0.66. | |||||
| CVE-2019-20748 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2020-04-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32. | |||||
| CVE-2019-20777 | 2 Google, Lg | 3 Android, G7, V40 | 2020-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019). | |||||
| CVE-2019-20683 | 1 Netgear | 34 D3600, D3600 Firmware, D6000 and 31 more | 2020-04-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20684 | 1 Netgear | 34 D3600, D3600 Firmware, D6000 and 31 more | 2020-04-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20685 | 1 Netgear | 36 D3600, D3600 Firmware, D6000 and 33 more | 2020-04-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6200 before 1.1.00.32, D7000 before 1.0.1.68, DM200 before 1.0.0.58, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | |||||
| CVE-2020-5730 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | |||||
| CVE-2020-5731 | 1 Openmrs | 1 Openmrs | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | |||||
| CVE-2020-11792 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2020-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | |||||
| CVE-2019-20691 | 1 Netgear | 24 D3600, D3600 Firmware, D6000 and 21 more | 2020-04-21 | 6.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by CSRF. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, and WN2500RPv2 before 1.0.1.54. | |||||
| CVE-2019-20693 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | |||||
| CVE-2019-20699 | 1 Netgear | 14 Gs105e, Gs105e Firmware, Gs105pe and 11 more | 2020-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, and GSS108EPP before 1.0.0.15. | |||||
| CVE-2019-4749 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2020-04-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 173308. | |||||
| CVE-2019-4644 | 1 Ibm | 20 Control Desk, Maximo Asset Configuration Manager, Maximo Asset Health Insights and 17 more | 2020-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880. | |||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | |||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
| CVE-2019-10148 | 2020-04-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-12779. Reason: This candidate is a reservation duplicate of CVE-2019-12779. Notes: All CVE users should reference CVE- CVE-2019-12779 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | |||||
| CVE-2019-20758 | 1 Netgear | 2 R7000, R7000 Firmware | 2020-04-20 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. | |||||
| CVE-2020-11820 | 1 Rukovoditel | 1 Rukovoditel | 2020-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | |||||
| CVE-2020-11662 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. | |||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-11823 | 1 Dolibarr | 1 Dolibarr | 2020-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. | |||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | |||||
| CVE-2020-11825 | 1 Dolibarr | 1 Dolibarr | 2020-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. | |||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | |||||
| CVE-2019-20725 | 1 Netgear | 22 D3600, D3600 Firmware, D6000 and 19 more | 2020-04-20 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20715 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.63, D7800 before 1.0.1.47, DM200 before 1.0.0.61, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32. | |||||
| CVE-2019-20673 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20669 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20667 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20668 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2019-20675 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | |||||
| CVE-2020-11787 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2020-11786 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | |||||
| CVE-2019-20742 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | |||||
| CVE-2019-20662 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20743 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | |||||
| CVE-2019-20661 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20663 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2020-04-20 | 2.3 LOW | 4.3 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20759 | 1 Netgear | 2 R9000, R9000 Firmware | 2020-04-20 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. | |||||
| CVE-2020-11791 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2020-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. | |||||
| CVE-2019-20671 | 1 Netgear | 18 Rbk20, Rbk20 Firmware, Rbk40 and 15 more | 2020-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2020-1050 | 1 Microsoft | 1 Dynamics 365 Server | 2020-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049. | |||||