Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-26916 Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 b... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-26917 Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before... | 4.1 | MEDIUM | — | 0 |
| CVE-2020-26918 Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before ... | 4.1 | MEDIUM | — | 0 |
| CVE-2020-26920 Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110. | 8.8 | HIGH | — | 0 |
| CVE-2020-26921 Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3. | 8.3 | HIGH | — | 0 |
| CVE-2020-26922 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 6.4 | MEDIUM | — | 0 |
| CVE-2020-26923 Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 4.3 | MEDIUM | — | 0 |
| CVE-2020-26924 Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | 3.1 | LOW | — | 0 |
| CVE-2020-26925 NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service. | 3.2 | LOW | — | 0 |
| CVE-2019-2194 In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional executio... | 7.8 | HIGH | — | 0 |
| CVE-2020-26926 Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, R... | 9.6 | CRITICAL | — | 0 |
| CVE-2020-26927 Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 b... | 9.4 | CRITICAL | — | 0 |
| CVE-2020-26928 Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, R... | 9.6 | CRITICAL | — | 0 |
| CVE-2020-26929 Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100. | 7.3 | HIGH | — | 0 |
| CVE-2020-26930 NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings. | 3.3 | LOW | — | 0 |
| CVE-2020-26931 Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-13955 HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-9105 Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerabili... | 6.7 | MEDIUM | — | 0 |
| CVE-2020-26932 debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | 4.3 | MEDIUM | — | 0 |
| CVE-2020-26934 phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-26935 An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search featu... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-26945 MyBatis before 3.5.6 mishandles deserialization of object streams. | 8.1 | HIGH | — | 0 |
| CVE-2020-26947 monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse libr... | 7.8 | HIGH | — | 0 |
| CVE-2020-26948 Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-14184 Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected ... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-5133 A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 versio... | 7.5 | HIGH | — | 0 |
| CVE-2020-29203 struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-5134 A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3,... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5136 A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5137 A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affe... | 7.5 | HIGH | — | 0 |
| CVE-2020-5138 A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability aff... | 7.5 | HIGH | — | 0 |
| CVE-2020-5139 A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerabil... | 7.5 | HIGH | — | 0 |
| CVE-2020-5140 A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses l... | 7.5 | HIGH | — | 0 |
| CVE-2020-5141 A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5142 A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in th... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-4773 A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web applicat... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-5143 SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4660 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the sys... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4661 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the sys... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4699 IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the sys... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4772 An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information... | 8.1 | HIGH | — | 0 |
| CVE-2020-24551 IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-4774 An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker ... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4775 A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for th... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4776 A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a spec... | 7.5 | HIGH | — | 0 |
| CVE-2020-4778 IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorithm for hashing token in a single instance which less safe than default SHA-256 cryptographic algorithm used throughout the Cúram a... | 7.5 | HIGH | — | 0 |
| CVE-2020-4779 A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass secu... | 8.1 | HIGH | — | 0 |
| CVE-2020-4780 OOTB build scripts does not set the secure attribute on session cookie which may impact IBM Curam Social Program Management 7.0.9 and 7.0,10. The purpose of the 'secure' attribute is to prevent cookie... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-3991 VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may... | 7.1 | HIGH | — | 0 |
| CVE-2020-24408 Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. This vulnerability could... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.