Search
Total
846 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18793 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. | |||||
| CVE-2018-21146 | 1 Netgear | 12 D7800, D7800 Firmware, R7800 and 9 more | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54. | |||||
| CVE-2017-18801 | 1 Netgear | 10 D7000, D7000 Firmware, R6220 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50. | |||||
| CVE-2018-21112 | 1 Netgear | 10 D7800, D7800 Firmware, R7500 and 7 more | 2020-04-23 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. | |||||
| CVE-2017-18851 | 1 Netgear | 10 D8500, D8500 Firmware, R6100 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12. | |||||
| CVE-2017-18806 | 1 Netgear | 20 Wac120, Wac120 Firmware, Wac510 and 17 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. | |||||
| CVE-2017-18802 | 1 Netgear | 10 D7800, D7800 Firmware, Ex6200 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22. | |||||
| CVE-2017-18805 | 1 Netgear | 20 Wac120, Wac120 Firmware, Wac510 and 17 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0. | |||||
| CVE-2017-18795 | 1 Netgear | 4 D6100, D6100 Firmware, D6220 and 1 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50. | |||||
| CVE-2017-18796 | 1 Netgear | 14 R6400, R6400 Firmware, R6700 and 11 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36. | |||||
| CVE-2017-18841 | 1 Netgear | 10 D7000, D7000 Firmware, R6220 and 7 more | 2020-04-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50. | |||||
| CVE-2020-11814 | 1 Qdpm | 1 Qdpm | 2020-04-22 | 5.8 MEDIUM | 5.4 MEDIUM |
| A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. | |||||
| CVE-2020-7111 | 1 Arubanetworks | 1 Clearpass | 2020-04-22 | 6.5 MEDIUM | 7.2 HIGH |
| A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher. | |||||
| CVE-2017-18849 | 1 Netgear | 32 D6220, D6220 Firmware, D6400 and 29 more | 2020-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82. | |||||
| CVE-2020-11703 | 1 Provideserver | 1 Provide Ftp Server | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. | |||||
| CVE-2020-11709 | 1 Cpp-httplib Project | 1 Cpp-httplib | 2020-04-13 | 5.0 MEDIUM | 7.5 HIGH |
| cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. | |||||
| CVE-2020-11002 | 1 Dropwizard | 1 Dropwizard Validation | 2020-04-13 | 9.0 HIGH | 8.8 HIGH |
| dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions. | |||||
| CVE-2020-5249 | 1 Puma | 1 Puma | 2020-04-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4. | |||||
| CVE-2018-21051 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | |||||
| CVE-2017-18652 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017). | |||||
| CVE-2020-11593 | 1 Cipplanner | 1 Cipace | 2020-04-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address. | |||||
| CVE-2020-11441 | 1 Phpmyadmin | 1 Phpmyadmin | 2020-04-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." | |||||
| CVE-2019-19330 | 3 Canonical, Debian, Haproxy | 3 Ubuntu Linux, Debian Linux, Haproxy | 2020-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks. | |||||
| CVE-2020-6982 | 1 Honeywell | 1 Win-pak | 2020-03-26 | 5.8 MEDIUM | 8.8 HIGH |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution. | |||||
| CVE-2013-7487 | 1 Swann | 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more | 2020-03-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000. | |||||
| CVE-2020-6858 | 1 Hotels | 1 Styx | 2020-03-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header. | |||||
| CVE-2020-5259 | 1 Linuxfoundation | 1 Dojox | 2020-03-11 | 5.0 MEDIUM | 8.6 HIGH |
| In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 | |||||
| CVE-2019-10794 | 1 Component-flatten Project | 1 Component-flatten | 2020-03-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2013-7324 | 1 Webkitgtk | 1 Webkitgtk | 2020-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing practices for GNOME desktop integration. | |||||
| CVE-2019-10792 | 1 Bodymen Project | 1 Bodymen | 2020-02-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2019-10793 | 1 Dot-object Project | 1 Dot-object | 2020-02-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2019-10795 | 1 Undefsafe Project | 1 Undefsafe | 2020-02-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. | |||||
| CVE-2014-4967 | 1 Redhat | 1 Ansible | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command. | |||||
| CVE-2014-4966 | 1 Redhat | 1 Ansible | 2020-02-26 | 7.5 HIGH | 9.8 CRITICAL |
| Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data. | |||||
| CVE-2014-4678 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657. | |||||
| CVE-2017-5246 | 1 Biscom | 1 Secure File Transfer | 2020-02-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028. | |||||
| CVE-2014-7236 | 1 Twiki | 1 Twiki | 2020-02-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome. | |||||
| CVE-2020-8800 | 1 Salesagility | 1 Suitecrm | 2020-02-19 | 6.5 MEDIUM | 8.8 HIGH |
| SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | |||||
| CVE-2020-5216 | 1 Twitter | 1 Secure Headers | 2020-02-18 | 5.0 MEDIUM | 5.8 MEDIUM |
| In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0. | |||||
| CVE-2014-5085 | 1 Sphider-plus | 1 Sphider-plus | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro. | |||||
| CVE-2014-5083 | 1 Sphider | 1 Sphider | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider. | |||||
| CVE-2013-7378 | 1 Hubot Scripts Project | 1 Hubot Scripts | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | |||||
| CVE-2013-7381 | 1 Libnotify Project | 1 Libnotify | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. | |||||
| CVE-2014-4172 | 3 Apereo, Debian, Fedoraproject | 5 .net Cas Client, Java Cas Client, Phpcas and 2 more | 2020-02-12 | 7.5 HIGH | 9.8 CRITICAL |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | |||||
| CVE-2010-4658 | 1 Status | 1 Statusnet | 2020-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2020-5230 | 1 Apereo | 1 Opencast | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape working directories and write files to other locations. In addition, Opencast's Id.toString(…) vs Id.compact(…) behavior, the latter trying to mitigate some of the file system problems, can cause errors due to identifier mismatch since an identifier may unintentionally change. This issue is fixed in Opencast 7.6 and 8.1. | |||||
| CVE-2017-17518 | 1 White Dune Project | 1 White Dune | 2020-02-10 | 6.8 MEDIUM | 8.8 HIGH |
| ** DISPUTED ** swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".” | |||||
| CVE-2013-3628 | 1 Zabbix | 1 Zabbix | 2020-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | |||||