Total: 9170 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18798 | 1 Netgear | 10 D1500, D1500 Firmware, D500 and 7 more | 2020-04-24 | 2.1 LOW | 6.2 MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. | |||||
CVE-2017-18747 | 1 Netgear | 16 Ex3700, Ex3700 Firmware, Ex3800 and 13 more | 2020-04-23 | 3.3 LOW | 6.5 MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46. | |||||
CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2020-04-23 | 2.7 LOW | 4.5 MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
CVE-2017-18803 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 2.1 LOW | 6.2 MEDIUM |
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. | |||||
CVE-2018-21140 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2020-04-23 | 3.3 LOW | 6.5 MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | |||||
CVE-2020-10211 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2020-04-23 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability in the UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. A successful exploit could allow an attacker to gain access to sensitive information. | |||||
CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2020-04-23 | 5.8 MEDIUM | 8.8 HIGH |
NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | |||||
CVE-2020-11536 | 1 Onlyoffice | 1 Document Server | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server. | |||||
CVE-2020-11534 | 1 Onlyoffice | 1 Document Server | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server. | |||||
CVE-2019-20778 | 1 Google | 1 Android | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019). | |||||
CVE-2017-18840 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-22 | 2.1 LOW | 6.2 MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
CVE-2018-7560 | 1 Aws-lambda-multipart-parser Project | 1 Aws-lambda-multipart-parser | 2020-04-22 | 5.0 MEDIUM | 7.5 HIGH |
index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | |||||
CVE-2020-3240 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 8.5 HIGH | 7.3 HIGH |
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2011-3964 | 1 Google | 1 Chrome | 2020-04-17 | 5.8 MEDIUM | N/A |
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors. | |||||
CVE-2020-8324 | 1 Lenovo | 1 System Interface Foundation | 2020-04-15 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | |||||
CVE-2018-20062 | 1 5none | 1 Nonecms | 2020-04-14 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | |||||
CVE-2020-3126 | 1 Cisco | 1 Webex Meetings Server | 2020-04-14 | 3.5 LOW | 3.5 LOW |
A vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window. | |||||
CVE-2011-3063 | 1 Google | 1 Chrome | 2020-04-14 | 4.3 MEDIUM | N/A |
Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. | |||||
CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions of Secdo for Windows. | |||||
CVE-2020-1984 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 7.2 HIGH | 7.8 HIGH |
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | |||||