Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21115 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2020-04-23 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | |||||
| CVE-2020-11536 | 1 Onlyoffice | 1 Document Server | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server. | |||||
| CVE-2020-11534 | 1 Onlyoffice | 1 Document Server | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server. | |||||
| CVE-2019-20778 | 1 Google | 1 Android | 2020-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Backup subsystem does not properly restrict operations or validate their input. The LG ID is LVE-SMP-190004 (June 2019). | |||||
| CVE-2017-18840 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-22 | 2.1 LOW | 6.2 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2018-7560 | 1 Aws-lambda-multipart-parser Project | 1 Aws-lambda-multipart-parser | 2020-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | |||||
| CVE-2020-3239 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3240 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 8.5 HIGH | 7.3 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3247 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-8324 | 1 Lenovo | 1 System Interface Foundation | 2020-04-15 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | |||||
| CVE-2018-20062 | 1 5none | 1 Nonecms | 2020-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. | |||||
| CVE-2020-3126 | 1 Cisco | 1 Webex Meetings Server | 2020-04-14 | 3.5 LOW | 3.5 LOW |
| vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window. | |||||
| CVE-2011-3063 | 1 Google | 1 Chrome | 2020-04-14 | 4.3 MEDIUM | N/A |
| Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors. | |||||
| CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | |||||
| CVE-2020-1984 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 7.2 HIGH | 7.8 HIGH |
| Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | |||||
| CVE-2018-21068 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | |||||
| CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | |||||
| CVE-2018-21078 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | |||||
| CVE-2017-18684 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017). | |||||
| CVE-2017-18683 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). | |||||