VB 4-27 Medium Table (Ashleigh)

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Vulnerability Severity:

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Not Yet Assigned

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.	2020-04-22	6.8	CVE-2017-18755 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.	2020-04-22	6.8	CVE-2017-18775 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	6.8	CVE-2017-18781 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	6.8	CVE-2017-18782 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.	2020-04-20	6.8	CVE-2017-18842 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.	2020-04-20	6.8	CVE-2017-18848 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.	2020-04-20	6.8	CVE-2017-18852 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.	2020-04-23	6.4	CVE-2018-21131 CONFIRM
lg -- multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).	2020-04-17	6.4	CVE-2019-20783 CONFIRM
libming -- libming	Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.	2020-04-19	6.4	CVE-2020-11894 MISC
libming -- libming	Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.	2020-04-19	6.4	CVE-2020-11895 MISC
netgear -- multiple_devices	Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10.	2020-04-22	6	CVE-2018-21120 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.	2020-04-23	5.8	CVE-2017-18732 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.	2020-04-23	5.8	CVE-2017-18733 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-23	5.8	CVE-2017-18734 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.	2020-04-23	5.8	CVE-2017-18735 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.	2020-04-23	5.8	CVE-2017-18736 CONFIRM
netgear -- multiple_devices		Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-23	5.8	CVE-2017-18737 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.	2020-04-23	5.8	CVE-2017-18738 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.	2020-04-23	5.8	CVE-2017-18739 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.	2020-04-23	5.8	CVE-2017-18744 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.	2020-04-23	5.8	CVE-2017-18750 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.	2020-04-22	5.8	CVE-2017-18762 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	5.8	CVE-2017-18764 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.	2020-04-22	5.8	CVE-2017-18772 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56.	2020-04-22	5.8	CVE-2018-21113 CONFIRM
netgear -- xr500_devices	NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.	2020-04-22	5.8	CVE-2018-21115 CONFIRM
netgear -- xr500_devices	NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers.	2020-04-22	5.8	CVE-2018-21116 CONFIRM
netgear -- xr500_devices	NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler.	2020-04-22	5.8	CVE-2018-21117 CONFIRM
netgear -- xr500_devices	NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass.	2020-04-22	5.8	CVE-2018-21118 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6.	2020-04-22	5.8	CVE-2018-21121 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects WC7500 before 6.5.3.9, WC7520 before 6.5.3.9, WC7600v1 before 6.5.3.9, and WC7600v2 before 6.5.3.9.	2020-04-22	5.8	CVE-2018-21123 CONFIRM
pretashop -- pretashop	In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5	2020-04-20	5.8	CVE-2020-5270 MISC CONFIRM
openmrs -- openmrs	In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators.	2020-04-17	5.8	CVE-2020-5732 MISC
openmrs -- openmrs	In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information.	2020-04-17	5.8	CVE-2020-5733 MISC
ibm -- maximo_asset_management	IBM Maximo Asset Management 7.6 could allow an authenticated user perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490.	2020-04-17	5.5	CVE-2019-4446 XF CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.	2020-04-22	5.2	CVE-2017-18754 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.	2020-04-22	5.2	CVE-2017-18758 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.	2020-04-22	5.2	CVE-2017-18759 CONFIRM
netgear -- r8000_devices	NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user.	2020-04-22	5.2	CVE-2017-18761 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.	2020-04-22	5.2	CVE-2017-18767 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.	2020-04-22	5.2	CVE-2017-18770 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21101 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21103 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21104 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21105 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21106 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21107 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21108 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21109 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.	2020-04-23	5.2	CVE-2018-21110 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12.	2020-04-22	5.2	CVE-2018-21112 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50.	2020-04-22	5.2	CVE-2018-21114 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.5.4 and WAC510 before 5.0.5.4.	2020-04-22	5.2	CVE-2018-21119 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.	2020-04-21	5.2	CVE-2018-21146 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.	2020-04-21	5.2	CVE-2018-21147 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.	2020-04-21	5.2	CVE-2018-21148 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.	2020-04-22	5.2	CVE-2018-21150 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.	2020-04-21	5	CVE-2017-18799 CONFIRM
lg -- multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).	2020-04-17	5	CVE-2019-20771 CONFIRM
byobu -- byobu_apport	Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu	2020-04-17	5	CVE-2019-7306 MISC MISC
ftpdmin -- ftpdmin	A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet.	2020-04-17	5	CVE-2020-10813 MISC MISC
lg -- multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).	2020-04-17	5	CVE-2020-11874 CONFIRM
evenroute -- iqrouter	In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily.	2020-04-21	5	CVE-2020-11964 MISC MISC
evenroute -- iqrouter	In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control.	2020-04-21	5	CVE-2020-11968 MISC MISC
vmware -- installbuilder	InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).	2020-04-20	5	CVE-2020-3946 CONFIRM
ibm -- tririga_application_platform	IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker formulate future attacks. IBM X-Force ID: 175993.	2020-04-17	5	CVE-2020-4277 XF CONFIRM
google -- android	There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284	2020-04-17	4.9	CVE-2019-2056 MISC
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.	2020-04-22	4.6	CVE-2017-18773 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.	2020-04-22	4.6	CVE-2017-18776 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	4.6	CVE-2017-18779 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.	2020-04-22	4.6	CVE-2017-18788 CONFIRM
netgear -- d6100_devices	NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.	2020-04-21	4.6	CVE-2017-18792 CONFIRM
netgear -- r7800_devices	NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.	2020-04-21	4.6	CVE-2017-18793 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.	2020-04-21	4.6	CVE-2017-18794 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.	2020-04-21	4.6	CVE-2017-18795 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.	2020-04-21	4.6	CVE-2017-18796 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.	2020-04-21	4.6	CVE-2017-18801 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.	2020-04-21	4.6	CVE-2017-18802 CONFIRM
netgear -- r7800_devices	Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4.	2020-04-21	4.6	CVE-2017-18804 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.	2020-04-21	4.6	CVE-2017-18805 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.	2020-04-21	4.6	CVE-2017-18806 CONFIRM
netgear -- readynas_os_6_devices	NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.	2020-04-21	4.6	CVE-2017-18808 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18822 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18826 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18829 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18830 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18837 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.6	CVE-2017-18838 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.	2020-04-20	4.6	CVE-2017-18841 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.	2020-04-20	4.6	CVE-2017-18846 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.	2020-04-20	4.6	CVE-2017-18849 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.	2020-04-20	4.6	CVE-2017-18850 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.	2020-04-20	4.6	CVE-2017-18851 CONFIRM
lg -- multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 9.0 software. The HAL service has a buffer overflow that leads to arbitrary code execution. The LG ID is LVE-SMP-190013 (September 2019).	2020-04-17	4.6	CVE-2019-20770 CONFIRM
lg -- multiple_mobile_devices	An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).	2020-04-17	4.6	CVE-2019-20785 CONFIRM
google -- android	In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146056878	2020-04-17	4.6	CVE-2020-0076 MISC
google -- android	In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144766455	2020-04-17	4.6	CVE-2020-0078 MISC
google -- android	In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144506242	2020-04-17	4.6	CVE-2020-0079 MISC
lg -- g3_devices	An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). DLL Hijacking can occur via a Trojan horse DLL in the current working directory. The LG ID is LVE-MOT-190001 (November 2019).	2020-04-17	4.4	CVE-2019-20769 CONFIRM
autodesk -- dynamo_bim	An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.	2020-04-17	4.4	CVE-2020-7079 MISC
netgear -- multiple_devices	Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.	2020-04-23	4.3	CVE-2017-18745 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	4.3	CVE-2017-18783 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.	2020-04-22	4.3	CVE-2017-18784 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.	2020-04-21	4.3	CVE-2017-18800 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.3	CVE-2017-18833 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.3	CVE-2017-18834 CONFIRM
netgear -- multiple_devices	Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.	2020-04-20	4.3	CVE-2017-18835 CONFIRM
ibm -- maximo_asset_management	IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170880.	2020-04-17	4.3	CVE-2019-4644 XF CONFIRM
svg2png -- svg2png	svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.	2020-04-17	4.3	CVE-2020-11887 MISC
wordpress -- wordpress	The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.	2020-04-20	4.3	CVE-2020-11930 MISC MISC MISC
prestashop -- prestashop	In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. It allows anyone to execute arbitrary action. The problem is patched in the 1.7.6.5.	2020-04-20	4.3	CVE-2020-5264 CONFIRM CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. The problem is patched in 1.7.6.5.	2020-04-20	4.3	CVE-2020-5265 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. The problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5269 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with `date_from` and `date_to` parameters in the dashboard page This problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5271 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. The problem is patched in 1.7.6.5	2020-04-20	4.3	CVE-2020-5272 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on AdminCarts page with `cartBox` parameter The problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5276 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on Exception page The problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5278 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. The problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5285 MISC CONFIRM
prestashop -- prestashop	In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. The problem is fixed in 1.7.6.5	2020-04-20	4.3	CVE-2020-5286 MISC CONFIRM
openmrs -- openmrs	OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting.	2020-04-17	4.3	CVE-2020-5728 MISC
openmrs -- openmrs	In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue.	2020-04-17	4.3	CVE-2020-5729 MISC
openmrs -- openmrs	In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.	2020-04-17	4.3	CVE-2020-5730 MISC
openmrs -- openmrs	In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.	2020-04-17	4.3	CVE-2020-5731 MISC
autodesk -- fbx_software_development_kit	An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.	2020-04-17	4.3	CVE-2020-7083 MISC
autodesk -- fbx_software_development_kit	A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.	2020-04-17	4.3	CVE-2020-7084 MISC
huawei -- taurus_al00b_devices	Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. The software insufficiently validate the user's identity when a user wants to do certain operation. An attacker can trick user into installing a malicious application to exploit this vulnerability. Successful exploit may cause some information disclosure.	2020-04-20	4.3	CVE-2020-9070 CONFIRM CONFIRM

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.