Total
981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18793 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. | |||||
| CVE-2018-21146 | 1 Netgear | 12 D7800, D7800 Firmware, R7800 and 9 more | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | |||||
| CVE-2017-18801 | 1 Netgear | 10 D7000, D7000 Firmware, R6220 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50. | |||||
| CVE-2018-21112 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. | |||||
| CVE-2017-18851 | 1 Netgear | 10 D8500, D8500 Firmware, R6100 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12. | |||||
| CVE-2017-18806 | 1 Netgear | 20 Wac120, Wac120 Firmware, Wac510 and 17 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. | |||||
| CVE-2017-18802 | 1 Netgear | 10 D7800, D7800 Firmware, Ex6200 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. | |||||
| CVE-2017-18805 | 1 Netgear | 20 Wac120, Wac120 Firmware, Wac510 and 17 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. | |||||
| CVE-2017-18795 | 1 Netgear | 4 D6100, D6100 Firmware, D6220 and 1 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50. | |||||
| CVE-2017-18796 | 1 Netgear | 14 R6400, R6400 Firmware, R6700 and 11 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36. | |||||
| CVE-2017-18841 | 1 Netgear | 10 D7000, D7000 Firmware, R6220 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50. | |||||
| CVE-2020-11814 | 1 Qdpm | 1 Qdpm | 2020-04-22 | 5.8 MEDIUM | 5.4 MEDIUM |
| A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. | |||||
| CVE-2020-7111 | 1 Arubanetworks | 1 Clearpass | 2020-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
| CVE-2017-18849 | 1 Netgear | 32 D6220, D6220 Firmware, D6400 and 29 more | 2020-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82. | |||||
| CVE-2020-11703 | 1 Provideserver | 1 Provide Ftp Server | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. | |||||
| CVE-2020-11709 | 1 Cpp-httplib Project | 1 Cpp-httplib | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. | |||||
| CVE-2020-11002 | 1 Dropwizard | 1 Dropwizard Validation | 2020-04-13 | 9.0 HIGH | 8.8 HIGH |
| dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions. | |||||
| CVE-2018-21051 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | |||||
| CVE-2017-18652 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). | |||||
| CVE-2020-11593 | 1 Cipplanner | 1 Cipace | 2020-04-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address. | |||||