|
|
Security Vulnerabilities Published
In April 2020
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-8546 |
787 |
|
Exec Code Overflow |
2020-04-10 |
2020-04-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015). |
|
2 |
CVE-2016-11061 |
78 |
|
Exec Code |
2020-04-29 |
2020-05-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device. |
|
3 |
CVE-2017-18681 |
120 |
|
Overflow |
2020-04-07 |
2020-04-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7930 (March 2017). |
|
4 |
CVE-2017-18858 |
78 |
|
Exec Code |
2020-04-28 |
2020-05-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Certain NETGEAR devices are affected by command execution. This affects M4200-10MG-POE+ 12.0.2.11 and earlier, M4300-28G 12.0.2.11 and earlier, M4300-52G 12.0.2.11 and earlier, M4300-28G-POE+ 12.0.2.11 and earlier, M4300-52G-POE+ 12.0.2.11 and earlier, M4300-8X8F 12.0.2.11 and earlier, M4300-12X12F 12.0.2.11 and earlier, M4300-24X24F 12.0.2.11 and earlier, M4300-24X 12.0.2.11 and earlier, and M4300-48X 12.0.2.11 and earlier. |
|
5 |
CVE-2018-11106 |
77 |
|
|
2020-04-01 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5. |
|
6 |
CVE-2018-21049 |
787 |
|
|
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018). |
|
7 |
CVE-2018-21050 |
120 |
|
Exec Code Overflow |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018). |
|
8 |
CVE-2018-21051 |
74 |
|
Exec Code |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). |
|
9 |
CVE-2018-21052 |
119 |
|
Exec Code Overflow |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018). |
|
10 |
CVE-2018-21055 |
20 |
|
|
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). |
|
11 |
CVE-2018-21057 |
787 |
|
Overflow |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018). |
|
12 |
CVE-2018-21063 |
|
|
|
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). |
|
13 |
CVE-2018-21066 |
120 |
|
Overflow Mem. Corr. |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). |
|
14 |
CVE-2018-21072 |
125 |
|
Exec Code |
2020-04-08 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). |
|
15 |
CVE-2018-21089 |
190 |
|
Exec Code Overflow |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018). |
|
16 |
CVE-2018-21090 |
120 |
|
Overflow |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018). |
|
17 |
CVE-2019-10588 |
120 |
|
Overflow |
2020-04-16 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 |
|
18 |
CVE-2019-10589 |
120 |
|
|
2020-04-16 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 |
|
19 |
CVE-2019-10609 |
787 |
|
|
2020-04-16 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 |
|
20 |
CVE-2019-12002 |
|
|
Bypass |
2020-04-17 |
2020-04-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. |
|
21 |
CVE-2019-14110 |
120 |
|
Overflow |
2020-04-16 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 |
|
22 |
CVE-2019-14111 |
120 |
|
Overflow |
2020-04-16 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130 |
|
23 |
CVE-2019-14112 |
120 |
|
Overflow |
2020-04-16 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 |
|
24 |
CVE-2019-14113 |
190 |
|
Overflow |
2020-04-16 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 |
|
25 |
CVE-2019-14114 |
190 |
|
Overflow |
2020-04-16 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 |
|
26 |
CVE-2019-14127 |
120 |
|
Overflow |
2020-04-16 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 |
|
27 |
CVE-2019-14131 |
129 |
|
|
2020-04-16 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 |
|
28 |
CVE-2019-14132 |
787 |
|
Mem. Corr. |
2020-04-16 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150 |
|
29 |
CVE-2019-14134 |
125 |
|
|
2020-04-16 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 |
|
30 |
CVE-2020-0070 |
787 |
|
Exec Code |
2020-04-17 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148159613 |
|
31 |
CVE-2020-0071 |
787 |
|
Exec Code |
2020-04-17 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310721 |
|
32 |
CVE-2020-0072 |
787 |
|
Exec Code |
2020-04-17 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310271 |
|
33 |
CVE-2020-0073 |
787 |
|
Exec Code |
2020-04-17 |
2020-04-22 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147309942 |
|
34 |
CVE-2020-1615 |
798 |
|
|
2020-04-08 |
2020-04-13 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. |
|
35 |
CVE-2020-3161 |
20 |
|
DoS Exec Code |
2020-04-15 |
2021-08-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. |
|
36 |
CVE-2020-3247 |
22 |
|
Dir. Trav. Bypass |
2020-04-15 |
2020-04-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
|
37 |
CVE-2020-3248 |
22 |
|
Dir. Trav. Bypass |
2020-04-15 |
2020-04-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
|
38 |
CVE-2020-3847 |
125 |
|
|
2020-04-01 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. |
|
39 |
CVE-2020-4415 |
787 |
|
Exec Code Overflow |
2020-04-23 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. IBM X-Force ID: 179990. |
|
40 |
CVE-2020-5868 |
78 |
|
Exec Code |
2020-04-24 |
2020-05-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. |
|
41 |
CVE-2020-6852 |
287 |
|
|
2020-04-02 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required. |
|
42 |
CVE-2020-7136 |
|
|
|
2020-04-30 |
2020-05-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). |
|
43 |
CVE-2020-8481 |
922 |
|
|
2020-04-29 |
2021-09-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. |
|
44 |
CVE-2020-9279 |
798 |
|
|
2020-04-20 |
2020-04-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded account allows management-interface login with high privileges. The logged-in user can perform critical tasks and take full control of the device. |
|
45 |
CVE-2020-10511 |
78 |
|
|
2020-04-15 |
2022-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL. |
|
46 |
CVE-2020-10515 |
427 |
|
Exec Code |
2020-04-02 |
2020-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006. |
|
47 |
CVE-2020-10569 |
434 |
|
Exec Code |
2020-04-21 |
2021-02-25 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938. |
|
48 |
CVE-2020-10621 |
434 |
|
|
2020-04-09 |
2020-04-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). |
|
49 |
CVE-2020-10948 |
74 |
|
Exec Code |
2020-04-01 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests. |
|
50 |
CVE-2020-11543 |
798 |
|
|
2020-04-08 |
2020-07-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are the only available user accounts for the gateway appliance. |
|
|
