Security Vulnerabilities - CVEs Published In April 2020
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.3.6, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.98.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2020-04-27
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2020-04-27
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2020-04-27
NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.
CVSS Score: 7.6
EPSS Score: 0.006
Published: 2020-04-27
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-04-27
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.
CVSS Score: 7.5
EPSS Score: 0.004
Published: 2020-04-27
An issue was discovered in Open-AudIT 3.2.2. There is OS Command injection in Discovery.
CVSS Score: 8.8
EPSS Score: 0.04
Published: 2020-04-27
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.
CVSS Score: 9.8
EPSS Score: 0.065
Published: 2020-04-27
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.
CVSS Score: 9.8
EPSS Score: 0.065
Published: 2020-04-27
An issue was found in Apache IoTDB 0.9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients could execute code remotely.
CVSS Score: 9.8
EPSS Score: 0.017
Published: 2020-04-27

