Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9294 | 1 Fortinet | 2 Fortimail, Fortivoice | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface. | |||||
| CVE-2020-11822 | 1 Rukovoditel | 1 Rukovoditel | 2020-05-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data. | |||||
| CVE-2018-21097 | 1 Netgear | 22 Wac120, Wac120 Firmware, Wac505 and 19 more | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. | |||||
| CVE-2018-21224 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2018-7311 | 1 Privatevpn | 1 Privatevpn | 2020-05-04 | 9.0 HIGH | 8.8 HIGH |
| ** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. The software installs a privileged helper tool that runs as the root user. This privileged helper tool is installed as a LaunchDaemon and implements an XPC service. The XPC service is responsible for handling new VPN connection operations via the main PrivateVPN application. The privileged helper tool creates new VPN connections by executing the openvpn binary located in the /Applications/PrivateVPN.app/Contents/Resources directory. The openvpn binary can be overwritten by the default user, which allows an attacker that has already installed malicious software as the default user to replace the binary. When a new VPN connection is established, the privileged helper tool will launch this malicious binary, thus allowing an attacker to execute code as the root user. NOTE: the vendor has reportedly indicated that this behavior is "an acceptable part of their software." | |||||
| CVE-2018-7715 | 1 Privatevpn | 1 Privatevpn | 2020-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the path string from the corresponding XPC message. This string is supposed to point to PrivateVPN's internal openvpn binary. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the path string pointing at a binary that he or she controls. This results in the execution of arbitrary code as the root user. | |||||
| CVE-2018-7716 | 1 Privatevpn | 1 Privatevpn | 2020-05-04 | 10.0 HIGH | 9.8 CRITICAL |
| PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the config string from the corresponding XPC message. This string is supposed to point to an internal OpenVPN configuration file. If a new connection has not already been established, an attacker can send the XPC service a malicious XPC message with the config string pointing at an OpenVPN configuration file that he or she controls. In the configuration file, an attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the root user. | |||||
| CVE-2019-1084 | 1 Microsoft | 9 Exchange Server, Lync, Lync Basic and 6 more | 2020-05-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'. | |||||
| CVE-2018-21214 | 1 Netgear | 18 D3600, D3600 Firmware, D6000 and 15 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, EX2700 before 1.0.1.28, R6100 before 1.0.1.20, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56. | |||||
| CVE-2018-21215 | 1 Netgear | 18 D3600, D3600 Firmware, D6000 and 15 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, EX2700 before 1.0.1.28, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56. | |||||
| CVE-2016-11060 | 1 Netgear | 8 Fvs318g, Fvs318g Firmware, Fvs318n and 5 more | 2020-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10. | |||||
| CVE-2017-18859 | 1 Netgear | 8 C6300, C6300 Firmware, Cm400 and 5 more | 2020-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30. | |||||
| CVE-2018-21218 | 1 Netgear | 22 D3600, D3600 Firmware, D6000 and 19 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2018-21219 | 1 Netgear | 22 D3600, D3600 Firmware, D6000 and 19 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2017-12358 | 1 Cisco | 1 Jabber | 2020-05-04 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088. | |||||
| CVE-2018-15669 | 1 Bloop | 1 Airmail 3 | 2020-05-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not forbidden by the policy. An attacker may abuse HTML plug-in elements within an email to trigger frame navigation requests that bypass this filter. | |||||
| CVE-2018-7281 | 1 Cactusvpn | 1 Cactusvpn | 2020-05-04 | 9.0 HIGH | 8.8 HIGH |
| CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. The binary takes a single command line argument and passes this argument to a system() call, thus allowing low privileged users to execute commands as root. | |||||
| CVE-2018-21220 | 1 Netgear | 22 D3600, D3600 Firmware, D6000 and 19 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2018-21222 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-05-04 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2018-21225 | 1 Netgear | 28 D7000, D7000 Firmware, D7800 and 25 more | 2020-05-04 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6700 before 1.0.1.30, R6700v2 before 1.2.0.16, R6800 before 1.2.0.16, R6900 before 1.0.1.30, R6900P before 1.2.0.22, R6900v2 before 1.2.0.16, R7000 before 1.0.9.12, R7000P before 1.2.0.22, R7500v2 before 1.0.3.20, R7800 before 1.0.2.44, R8300 before 1.0.2.106, R8500 before 1.0.2.106, and R9000 before 1.0.2.52. | |||||
| CVE-2017-15357 | 1 Arqbackup | 1 Arq | 2020-05-04 | 6.9 MEDIUM | 7.4 HIGH |
| The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself. | |||||
| CVE-2017-15298 | 2 Canonical, Git-scm | 2 Ubuntu Linux, Git | 2020-05-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | |||||
| CVE-2018-11233 | 2 Canonical, Git-scm | 2 Ubuntu Linux, Git | 2020-05-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | |||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 9 Ubuntu Linux, Debian Linux, Git and 6 more | 2020-05-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | |||||
| CVE-2019-17559 | 1 Apache | 1 Traffic Server | 2020-05-02 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | |||||
| CVE-2019-17565 | 1 Apache | 1 Traffic Server | 2020-05-02 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | |||||
| CVE-2020-1944 | 1 Apache | 1 Traffic Server | 2020-05-02 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | |||||
| CVE-2020-12468 | 1 Intelliants | 1 Subrion | 2020-05-01 | 6.8 MEDIUM | 7.8 HIGH |
| Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. | |||||
| CVE-2020-12467 | 1 Intelliants | 1 Subrion | 2020-05-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | |||||
| CVE-2017-18713 | 1 Netgear | 16 D7800, D7800 Firmware, R6700 and 13 more | 2020-05-01 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. | |||||
| CVE-2019-20791 | 1 Google | 1 Openthread | 2020-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc. | |||||
| CVE-2020-6579 | 1 Mailbeez | 1 Mailbeez | 2020-05-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter. | |||||
| CVE-2019-20719 | 1 Netgear | 30 D6220, D6220 Firmware, D6400 and 27 more | 2020-05-01 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D8500 before 1.0.3.43, R6250 before 1.0.4.34, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R7000P before 1.4.1.30, R7100LG before 1.0.0.48, R7300DST before 1.0.0.68, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | |||||
| CVE-2018-21172 | 1 Netgear | 12 R7800, R7800 Firmware, R9000 and 9 more | 2020-05-01 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||
| CVE-2018-21163 | 1 Netgear | 40 Dgn2200, Dgn2200 Firmware, Dgn2200b and 37 more | 2020-05-01 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200Bv4 before 1.0.0.102, DGN2200v4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.38, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6300v2 before 1.0.4.22, R6900P before 1.3.0.18, R7000P before 1.3.0.18, R7300DST before 1.0.0.62, R7900P before 1.3.0.10, R8000 before 1.0.4.12, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.52, and WNDR3400v3 before 1.0.1.18. | |||||
| CVE-2017-18855 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2020-05-01 | 8.3 HIGH | 8.8 HIGH |
| NETGEAR WNR854T devices before 1.5.2 are affected by command execution. | |||||
| CVE-2020-1741 | 1 Redhat | 1 Openshift Container Platform | 2020-05-01 | 4.0 MEDIUM | 5.9 MEDIUM |
| A flaw was found in openshift-ansible. OpenShift Container Platform (OCP) 3.11 is too permissive in the way it specified CORS allowed origins during installation. An attacker, able to man-in-the-middle the connection between the user's browser and the openshift console, could use this flaw to perform a phishing attack. The main threat from this vulnerability is data confidentiality. | |||||
| CVE-2018-21213 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | |||||
| CVE-2020-12442 | 1 Ivanti | 1 Avalanche | 2020-05-01 | 7.5 HIGH | 9.8 CRITICAL |
| Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. | |||||
| CVE-2018-21200 | 1 Netgear | 4 R7800, R7800 Firmware, R9000 and 1 more | 2020-05-01 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.3.6. | |||||
| CVE-2018-21182 | 1 Netgear | 8 R7800, R7800 Firmware, R9000 and 5 more | 2020-05-01 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, and WNDR4300 before 1.0.2.94. | |||||
| CVE-2018-21170 | 1 Netgear | 10 Ex2700, Ex2700 Firmware, R7800 and 7 more | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX2700 before 1.0.1.28, R7800 before 1.0.2.40, WN2000RPTv3 before 1.0.1.20, WN3000RPv3 before 1.0.2.50, and WN3100RPv2 before 1.0.0.56. | |||||
| CVE-2020-11004 | 1 Admidio | 1 Admidio | 2020-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization, thus an attacker without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. | |||||
| CVE-2017-18709 | 1 Netgear | 4 R8300, R8300 Firmware, R8500 and 1 more | 2020-05-01 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94. | |||||
| CVE-2018-21221 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, and R9000 before 1.0.2.52. | |||||
| CVE-2017-18712 | 1 Netgear | 14 D7800, D7800 Firmware, R6100 and 11 more | 2020-05-01 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. | |||||
| CVE-2018-21158 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings. | |||||
| CVE-2018-21217 | 1 Netgear | 8 D3600, D3600 Firmware, D6000 and 5 more | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20. | |||||
| CVE-2018-21216 | 1 Netgear | 8 D3600, D3600 Firmware, D6000 and 5 more | 2020-05-01 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20. | |||||
| CVE-2018-21177 | 1 Netgear | 16 D6100, D6100 Firmware, R6100 and 13 more | 2020-05-01 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | |||||