Total
4091 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18802 | 1 Netgear | 10 D7800, D7800 Firmware, Ex6200 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.
|
|||||
| CVE-2017-18801 | 1 Netgear | 10 D7000, D7000 Firmware, R6220 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.
|
|||||
| CVE-2017-18796 | 1 Netgear | 14 R6400, R6400 Firmware, R6700 and 11 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.
|
|||||
| CVE-2017-18795 | 1 Netgear | 4 D6100, D6100 Firmware, D6220 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.
|
|||||
| CVE-2017-18794 | 1 Netgear | 18 D6100, D6100 Firmware, R6300 and 15 more | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.
|
|||||
| CVE-2017-18793 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.
|
|||||
| CVE-2017-18792 | 1 Netgear | 2 D6100, D6100 Firmware | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.
|
|||||
| CVE-2017-18788 | 1 Netgear | 106 D3600, D3600 Firmware, D6000 and 103 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before ...
Show More |
|||||
| CVE-2017-18787 | 1 Netgear | 18 D6200, D6200 Firmware, Jnr1010 and 15 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050, before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
|
|||||
| CVE-2017-18786 | 1 Netgear | 18 D6200, D6200 Firmware, Jnr1010 and 15 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
|
|||||
| CVE-2017-18773 | 1 Netgear | 18 D6100, D6100 Firmware, D7800 and 15 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.
|
|||||
| CVE-2017-18767 | 1 Netgear | 26 D7800, D7800 Firmware, D8500 and 23 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.
|
|||||
| CVE-2017-18764 | 1 Netgear | 50 D6100, D6100 Firmware, D7000 and 47 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1 ...
Show More |
|||||
| CVE-2017-18762 | 1 Netgear | 24 D3600, D3600 Firmware, D6000 and 21 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
|
|||||
| CVE-2017-18754 | 1 Netgear | 6 Wndr3700, Wndr3700 Firmware, Wndr4300 and 3 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
|
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
|
|||||
| CVE-2017-18737 | 1 Netgear | 26 Jnr1010, Jnr1010 Firmware, Jr6150 and 23 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
|
|||||
| CVE-2017-18736 | 1 Netgear | 14 Jr6150, Jr6150 Firmware, R6050 and 11 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.
|
|||||
| CVE-2017-18735 | 1 Netgear | 12 Jr6150, Jr6150 Firmware, Pr2000 and 9 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.
|
|||||
| CVE-2017-18734 | 1 Netgear | 26 Jnr1010, Jnr1010 Firmware, Jr6150 and 23 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
|
|||||
| CVE-2017-18652 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017).
|
|||||
| CVE-2017-18634 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
|
|||||
| CVE-2017-18605 | 1 Gravitatedesign | 1 Gravitate Qa Tracker | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.
|
|||||
| CVE-2017-18604 | 1 Sitebuilder Dynamic Components Project | 1 Sitebuilder Dynamic Components | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
|
|||||
| CVE-2017-18583 | 1 Post Pay Counter Project | 1 Post Pay Counter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
|
|||||
| CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
|
|||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
|
|||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
|
|||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
|
|||||
| CVE-2017-18266 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Xdg-utils | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
|
|||||
| CVE-2017-18049 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without sanitization into common software (including Microsoft Excel). For example, the CSV data may contain untrusted user input from the "First Name" field of a user's /myprofile page.
|
|||||
| CVE-2017-16043 | 1 Shout Project | 1 Shout | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
|
|||||
| CVE-2017-15714 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute.
|
|||||
| CVE-2017-14523 | 1 Wondercms | 1 Wondercms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack
|
|||||
| CVE-2017-14094 | 1 Trendmicro | 1 Smart Protection Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
|
|||||
| CVE-2017-10963 | 1 Samsung | 2 Knox Enterprise Mobility Management, Knox Identity Access Management | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.
|
|||||
| CVE-2017-1000493 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover
|
|||||
| CVE-2017-1000454 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
|
|||||
| CVE-2017-1000453 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
|
|||||
| CVE-2017-0372 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
|
|||||
| CVE-2016-8901 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
|
|||||