CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2151 CVE-2016-11056 2020-04-28 2020-05-05
9.0
None Remote Low ??? Complete Complete Complete
Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.
2152 CVE-2016-11055 352 CSRF 2020-04-28 2020-05-05
4.3
None Remote Medium Not required None Partial None
Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.
2153 CVE-2016-11054 78 Exec Code 2020-04-28 2020-05-04
9.0
None Remote Low ??? Complete Complete Complete
NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.
2154 CVE-2016-11053 20 Bypass 2020-04-07 2020-04-08
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).
2155 CVE-2016-11052 20 Mem. Corr. 2020-04-07 2020-04-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).
2156 CVE-2016-11050 2020-04-07 2020-04-08
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
2157 CVE-2016-11049 2020-04-07 2020-04-08
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).
2158 CVE-2016-11048 20 Bypass 2020-04-07 2020-04-08
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).
2159 CVE-2016-11047 787 Overflow 2020-04-07 2020-04-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).
2160 CVE-2016-11046 20 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).
2161 CVE-2016-11045 119 Overflow Mem. Corr. 2020-04-07 2020-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).
2162 CVE-2016-11044 347 Bypass 2020-04-07 2020-04-07
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016).
2163 CVE-2016-11043 326 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).
2164 CVE-2016-11042 287 Bypass 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).
2165 CVE-2016-11041 287 Bypass 2020-04-07 2020-04-07
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).
2166 CVE-2016-11040 20 Bypass 2020-04-07 2020-04-09
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016).
2167 CVE-2016-11039 476 2020-04-07 2020-04-09
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).
2168 CVE-2016-11038 119 Exec Code Overflow 2020-04-07 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
2169 CVE-2016-11036 862 Bypass 2020-04-07 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).
2170 CVE-2016-11035 119 Overflow 2020-04-07 2020-04-09
4.9
None Local Low Not required None None Complete
An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016).
2171 CVE-2016-11034 755 2020-04-07 2020-04-09
7.1
None Remote Medium Not required None None Complete
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016).
2172 CVE-2016-11033 787 Overflow 2020-04-07 2020-04-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
2173 CVE-2016-11032 20 2020-04-07 2020-04-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
2174 CVE-2016-11031 20 2020-04-07 2020-04-07
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).
2175 CVE-2016-11030 362 Overflow 2020-04-07 2020-04-07
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
2176 CVE-2016-11029 522 2020-04-07 2020-04-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).
2177 CVE-2016-11028 787 Overflow 2020-04-07 2020-04-07
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
2178 CVE-2016-11027 200 +Info 2020-04-07 2020-04-08
2.1
None Local Low Not required Partial None None
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).
2179 CVE-2016-11026 755 2020-04-07 2020-04-08
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).
2180 CVE-2016-11025 787 Overflow 2020-04-07 2020-04-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
2181 CVE-2015-9547 200 +Info 2020-04-10 2020-04-13
7.8
None Remote Low Not required Complete None None
An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).
2182 CVE-2015-9546 22 Dir. Trav. 2020-04-10 2020-04-13
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).
2183 CVE-2015-9545 20 2020-04-07 2020-04-08
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
2184 CVE-2015-9544 20 2020-04-07 2020-04-08
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
2185 CVE-2015-8546 787 Exec Code Overflow 2020-04-10 2020-04-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).
2186 CVE-2015-5524 120 Overflow 2020-04-10 2020-04-13
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).
2187 CVE-2013-7488 835 2020-04-07 2021-01-05
5.0
None Remote Low Not required None None Partial
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.
Total number of vulnerabilities : 2187   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.