The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2019-20663 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20662 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20661 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20660 | Certain NETGEAR devices are affected by stored XSS. This affects RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20659 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20658 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects FS728TLP before 1.0.1.26, GS105Ev2 before 1.6.0.4, GS105PE before 1.6.0.4, GS108Ev3 before 2.06.08, GS108PEv3 before 2.06.08, GS110EMX before 1.0.1.4, GS116Ev2 before 2.6.0.35, GS408EPP before 1.0.0.15, GS808E before 1.7.0.7, GS810EMX before 1.7.1.1, GS908E before 1.7.0.3, GSS108E before 1.6.0.4, GSS108EPP before 1.0.0.15, GSS116E before 1.6.0.9, JGS516PE before 2.6.0.35, JGS524Ev2 before 2.6.0.35, JGS524PE before 2.6.0.35, XS512EM before 1.0.1.1, XS708Ev2 before 1.6.0.23, XS716E before 1.6.0.23, and XS724EM before 1.0.1.1. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20657 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20656 | Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20655 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR500 before 2.3.2.56 and XR700 before 1.0.1.20. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20654 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20653 | Certain NETGEAR devices are affected by denial of service. This affects WAC505 before 8.0.6.4 and WAC510 before 8.0.6.4. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20652 | NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20651 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20650 | Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20649 | NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20648 | NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. | LOW | Apr 15, 2020 | n/a |
| CVE-2019-20647 | NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. | LOW | Apr 17, 2020 | n/a |
| CVE-2019-20646 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20645 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | LOW | Apr 17, 2020 | n/a |
| CVE-2019-20644 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | LOW | Apr 17, 2020 | n/a |
| CVE-2019-20643 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20642 | NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20641 | NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20640 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2019-20639 | Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | LOW | Apr 17, 2020 | n/a |
| CVE-2019-20638 | NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | MEDIUM | Apr 17, 2020 | n/a |
| CVE-2019-20637 | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers. | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2019-20636 | In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | HIGH | Apr 9, 2020 | n/a |
| CVE-2019-20635 | codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. | MEDIUM | Apr 2, 2020 | n/a |
| CVE-2019-20634 | An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | MEDIUM | Apr 2, 2020 | n/a |
| CVE-2019-20633 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20632 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20631 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20630 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20629 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20628 | An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Mar 25, 2020 | n/a |
| CVE-2019-20627 | AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | HIGH | Mar 25, 2020 | n/a |
| CVE-2019-20626 | The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. | LOW | Mar 25, 2020 | n/a |
| CVE-2019-20625 | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | LOW | Mar 26, 2020 | n/a |
| CVE-2019-20624 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019). | MEDIUM | Mar 26, 2020 | n/a |
| CVE-2019-20623 | An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019). | LOW | Mar 26, 2020 | n/a |
| CVE-2019-20622 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019). | HIGH | Mar 26, 2020 | n/a |
| CVE-2019-20621 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | HIGH | Mar 26, 2020 | n/a |
| CVE-2019-20620 | An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019). | MEDIUM | Mar 26, 2020 | n/a |
| CVE-2019-20619 | An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 (March 2019). | MEDIUM | Mar 26, 2020 | n/a |
| CVE-2019-20618 | An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019). | MEDIUM | Mar 26, 2020 | n/a |
| CVE-2019-20617 | An issue was discovered on Samsung mobile devices with P(9.0) software. Secure Folder leaks preview data of recent apps. The Samsung ID is SVE-2018-13764 (March 2019). | MEDIUM | Mar 26, 2020 | n/a |
| CVE-2019-20616 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019). | MEDIUM | Mar 27, 2020 | n/a |
| CVE-2019-20615 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via SVoice T&C. The Samsung ID is SVE-2018-13547 (March 2019). | LOW | Mar 27, 2020 | n/a |
| CVE-2019-20614 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 (March 2019). | MEDIUM | Mar 27, 2020 | n/a |
