CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-8948 The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged us... | 7.8 | HIGH | — | 0 |
| CVE-2020-11783 Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-4268 IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4269 IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external compone... | 7.5 | HIGH | — | 0 |
| CVE-2020-4270 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. | 7.8 | HIGH | — | 0 |
| CVE-2020-4271 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897. | 6.3 | MEDIUM | — | 0 |
| CVE-2020-4272 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specifying a malicious file from a remote system, whic... | 8.8 | HIGH | — | 0 |
| CVE-2020-4274 IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4294 IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne... | 6.3 | MEDIUM | — | 0 |
| CVE-2020-0557 Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local acce... | 7.8 | HIGH | — | 0 |
| CVE-2020-0558 Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-0568 Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. | 4.7 | MEDIUM | — | 0 |
| CVE-2020-0576 Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-0577 Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | HIGH | — | 0 |
| CVE-2020-0578 Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | HIGH | — | 0 |
| CVE-2019-20639 Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-20640 Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.... | 8.8 | HIGH | — | 0 |
| CVE-2019-20641 NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | 8.8 | HIGH | — | 0 |
| CVE-2019-20642 NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | 8.0 | HIGH | — | 0 |
| CVE-2019-20643 NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2019-20644 NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-20645 NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | 4.8 | MEDIUM | — | 0 |
| CVE-2019-20650 Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. | 7.5 | HIGH | — | 0 |
| CVE-2020-11787 Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-11788 Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 ... | 8.8 | HIGH | — | 0 |
| CVE-2020-11789 Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11790 NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11791 NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-20765 NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 | MEDIUM | — | 0 |
| CVE-2020-11792 NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | 7.5 | HIGH | — | 0 |
| CVE-2020-3953 Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 4.8 | MEDIUM | — | 0 |
| CVE-2020-3954 Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-5346 RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator ... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-5350 Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privilege... | 7.9 | HIGH | — | 0 |
| CVE-2020-7113 A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of s... | 4.9 | MEDIUM | — | 0 |
| CVE-2019-12521 An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement... | 5.9 | MEDIUM | — | 0 |
| CVE-2019-12522 An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid le... | 4.5 | MEDIUM | — | 0 |
| CVE-2019-12524 An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20651 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. | 6.7 | MEDIUM | — | 0 |
| CVE-2019-20652 NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20766 NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 | MEDIUM | — | 0 |
| CVE-2019-20653 Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20654 Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | 7.5 | HIGH | — | 0 |
| CVE-2019-20655 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. | 7.8 | HIGH | — | 0 |
| CVE-2019-20656 Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 be... | 8.8 | HIGH | — | 0 |
| CVE-2019-20657 Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 bef... | 8.0 | HIGH | — | 0 |
| CVE-2019-20658 Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 ... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-20659 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900... | 7.2 | HIGH | — | 0 |
| CVE-2019-20660 Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.3... | 4.8 | MEDIUM | — | 0 |
| CVE-2019-20661 Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.