CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Description
1851 CVE-2018-21110 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1852 CVE-2018-21109 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1853 CVE-2018-21108 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1854 CVE-2018-21107 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1855 CVE-2018-21106 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1856 CVE-2018-21105 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1857 CVE-2018-21104 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1858 CVE-2018-21103 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1859 CVE-2018-21102 352 CSRF 2020-04-23 2020-05-07
6.8
None Remote Medium Not required Partial Partial Partial
NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.
1860 CVE-2018-21101 78 2020-04-23 2020-04-23
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1861 CVE-2018-21100 78 2020-04-27 2020-04-27
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1862 CVE-2018-21099 78 2020-04-27 2020-04-27
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1863 CVE-2018-21098 78 2020-04-27 2020-04-27
5.2
None Local Network Low ??? Partial Partial Partial
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
1864 CVE-2018-21097 787 Overflow 2020-04-27 2020-05-04
7.5
None Remote Low Not required Partial Partial Partial
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.
1865 CVE-2018-21096 352 CSRF 2020-04-27 2020-05-04
4.9
None Local Network Medium ??? Partial Partial Partial
Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
1866 CVE-2018-21095 79 XSS 2020-04-27 2020-04-27
2.3
None Local Network Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.
1867 CVE-2018-21094 2020-04-27 2020-05-04
7.5
None Remote Low Not required Partial Partial Partial
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.
1868 CVE-2018-21093 787 Overflow 2020-04-27 2020-05-04
5.8
None Local Network Low Not required Partial Partial Partial
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56.
1869 CVE-2018-21092 20 2020-04-08 2020-04-09
3.3
None Local Network Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).
1870 CVE-2018-21091 755 2020-04-08 2020-04-08
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018).
1871 CVE-2018-21090 120 Overflow 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).
1872 CVE-2018-21089 190 Exec Code Overflow 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018).
1873 CVE-2018-21088 755 2020-04-08 2020-04-09
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018).
1874 CVE-2018-21087 787 Overflow 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).
1875 CVE-2018-21086 362 2020-04-08 2020-04-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).
1876 CVE-2018-21085 362 2020-04-08 2020-04-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).
1877 CVE-2018-21084 362 2020-04-08 2020-04-10
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).
1878 CVE-2018-21083 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018).
1879 CVE-2018-21082 863 Bypass 2020-04-08 2020-04-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).
1880 CVE-2018-21081 732 2020-04-08 2020-04-10
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018).
1881 CVE-2018-21080 326 Bypass 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).
1882 CVE-2018-21079 401 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).
1883 CVE-2018-21078 20 2020-04-08 2020-04-09
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018).
1884 CVE-2018-21077 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).
1885 CVE-2018-21076 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).
1886 CVE-2018-21075 Exec Code 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018).
1887 CVE-2018-21074 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).
1888 CVE-2018-21073 200 +Info 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018).
1889 CVE-2018-21072 125 Exec Code 2020-04-08 2020-08-24
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018).
1890 CVE-2018-21071 200 +Info 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).
1891 CVE-2018-21070 354 Bypass 2020-04-08 2020-04-09
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).
1892 CVE-2018-21069 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018).
1893 CVE-2018-21068 20 2020-04-08 2020-04-09
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018).
1894 CVE-2018-21067 200 +Info 2020-04-08 2020-04-09
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018).
1895 CVE-2018-21066 120 Overflow Mem. Corr. 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).
1896 CVE-2018-21065 191 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018).
1897 CVE-2018-21064 120 Overflow 2020-04-08 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).
1898 CVE-2018-21063 2020-04-08 2020-04-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).
1899 CVE-2018-21062 287 2020-04-08 2020-04-09
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018).
1900 CVE-2018-21061 276 2020-04-08 2020-04-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).
Total number of vulnerabilities: 2187 (this is page 38 of 44)