CVE List - 2020 / April
Showing 1501 - 1600 of 2186 CVEs for April 2020 (Page 16 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-9276 | 2020-04-20 | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based... |
| CVE-2020-9277 | 2020-04-20 | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authentication can be bypassed when accessing cgi modules. This allows one to perform administrative tasks (e.g., modify the admin password)... |
| CVE-2020-9278 | 2020-04-20 | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. |
| CVE-2020-9279 | 2020-04-20 | An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control... |
| CVE-2020-11958 | 2020-04-21 | re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. |
| CVE-2020-8099 | 2020-04-21 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387) |
| CVE-2020-11963 | 2020-04-21 | IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur... |
| CVE-2020-11964 | 2020-04-21 | In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur... |
| CVE-2020-11965 | 2020-04-21 | In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can... |
| CVE-2020-11966 | 2020-04-21 | In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur... |
| CVE-2020-11968 | 2020-04-21 | In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a... |
| CVE-2020-11967 | 2020-04-21 | In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur... |
| CVE-2020-11828 | 2020-04-21 | In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value... |
| CVE-2020-1967 | 2020-04-21 | Segmentation fault in SSL_check_chain |
| CVE-2017-18821 | 2020-04-21 | Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before... |
| CVE-2017-18820 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18819 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. |
| CVE-2017-18816 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18815 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18814 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2019-8960 | 2020-04-21 | A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message,... |
| CVE-2019-8961 | 2020-04-21 | A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in... |
| CVE-2017-18813 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18812 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18811 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18810 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2020-1699 | 2020-04-21 | A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An... |
| CVE-2020-5268 | 2020-04-21 | Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET |
| CVE-2020-1757 | 2020-04-21 | A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by... |
| CVE-2017-18809 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18808 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. |
| CVE-2017-18807 | 2020-04-21 | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| CVE-2017-18806 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before... |
| CVE-2020-11890 | 2020-04-21 | An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. |
| CVE-2020-11889 | 2020-04-21 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. |
| CVE-2020-11891 | 2020-04-21 | An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. |
| CVE-2020-10786 | 2020-04-21 | A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. |
| CVE-2020-10787 | 2020-04-21 | An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). |
| CVE-2017-18805 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before... |
| CVE-2017-18804 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4. |
| CVE-2020-8895 | 2020-04-21 | DLL Hijacking in Google Earth Pro Windows installer |
| CVE-2017-18803 | 2020-04-21 | NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. |
| CVE-2017-18802 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. |
| CVE-2019-4327 | 2020-04-21 | HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files. |
| CVE-2017-18801 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50. |
| CVE-2017-18800 | 2020-04-21 | Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42. |
| CVE-2017-18799 | 2020-04-21 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before... |
| CVE-2017-18798 | 2020-04-21 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. |
| CVE-2017-18797 | 2020-04-21 | Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100. |
| CVE-2017-18796 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800... |
| CVE-2017-18795 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50. |
| CVE-2020-11008 | 2020-04-21 | Malicious URLs can still cause Git to send a stored credential to the wrong server |
| CVE-2017-18794 | 2020-04-21 | Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before... |
| CVE-2017-18793 | 2020-04-21 | NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. |
| CVE-2017-18792 | 2020-04-21 | NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection. |
| CVE-2017-18791 | 2020-04-21 | Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40,... |
| CVE-2017-18790 | 2020-04-21 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before... |
| CVE-2019-17525 | 2020-04-21 | The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. |
| CVE-2020-10569 | 2020-04-21 | SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to... |
| CVE-2020-5301 | 2020-04-21 | Information disclosure of source code in SimpleSAMLphp |
| CVE-2018-21140 | 2020-04-21 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. |
| CVE-2018-21141 | 2020-04-21 | Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300... |
| CVE-2018-21143 | 2020-04-21 | NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information. |
| CVE-2018-21144 | 2020-04-21 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DM200 before 1.0.0.52, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before... |
| CVE-2018-21145 | 2020-04-21 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before... |
| CVE-2018-21146 | 2020-04-21 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and... |
| CVE-2018-21147 | 2020-04-21 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before... |
| CVE-2018-21148 | 2020-04-21 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before... |
| CVE-2020-12051 | 2020-04-21 | The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the... |
| CVE-2020-12059 | 2020-04-22 | An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception. |
| CVE-2019-20102 | 2020-04-22 | The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a... |
| CVE-2020-11539 | 2020-04-22 | An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level). The... |
| CVE-2017-18789 | 2020-04-22 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94,... |
| CVE-2017-18788 | 2020-04-22 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400... |
| CVE-2020-11416 | 2020-04-22 | JetBrains Space through 2020-04-22 allows stored XSS in Chats. |
| CVE-2020-11685 | 2020-04-22 | In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. |
| CVE-2020-11686 | 2020-04-22 | In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. |
| CVE-2020-11687 | 2020-04-22 | In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. |
| CVE-2020-11688 | 2020-04-22 | In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. |
| CVE-2020-11689 | 2020-04-22 | In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. |
| CVE-2020-11690 | 2020-04-22 | In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. |
| CVE-2020-11691 | 2020-04-22 | In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. |
| CVE-2020-11692 | 2020-04-22 | In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. |
| CVE-2020-11693 | 2020-04-22 | JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. |
| CVE-2020-11795 | 2020-04-22 | In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. |
| CVE-2020-11796 | 2020-04-22 | In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. |
| CVE-2020-11938 | 2020-04-22 | In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. |
| CVE-2017-18787 | 2020-04-22 | Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before... |
| CVE-2020-8474 | 2020-04-22 | ABB System 800xA Weak Registry Permissions |
| CVE-2017-18786 | 2020-04-22 | Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before... |
| CVE-2017-18785 | 2020-04-22 | Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52,... |
| CVE-2018-21111 | 2020-04-22 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before... |
| CVE-2018-21112 | 2020-04-22 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. |
| CVE-2017-18784 | 2020-04-22 | Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12,... |
| CVE-2017-18783 | 2020-04-22 | Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26,... |
| CVE-2019-19104 | 2020-04-22 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Improper Authentication and Access Control |
| CVE-2017-18782 | 2020-04-22 | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26,... |
| CVE-2019-19105 | 2020-04-22 | ABB/Busch-Jaeger Telephone Gateway TG/S 3.2 Plaintext storing of credentials |
| CVE-2017-18781 | 2020-04-22 | Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26,... |
| CVE-2017-18780 | 2020-04-22 | Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020... |