National Vulnerability Database

Search Results

There are 136,329 matching records.
Displaying matches 1341 through 1360.
Vuln ID Summary CVSS Severity
CVE-2018-21109

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 04:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21108

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 04:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21107

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 04:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21106

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 04:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.

Published: April 23, 2020; 03:15:13 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

Published: April 23, 2020; 03:15:13 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

Published: April 23, 2020; 03:15:13 PM -04:00
V3.1: 4.8 MEDIUM
    V2: 5.8 MEDIUM
CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skips TLS verification by default.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 7.4 HIGH
    V2: 5.8 MEDIUM
CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-17101

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. This issue affects: Netatmo Smart Indoor Camera version and prior versions.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 6.7 MEDIUM
    V2: 4.6 MEDIUM
CVE-2018-21105

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21104

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21103

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 03:15:12 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 5.2 MEDIUM
CVE-2018-21102

NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.

Published: April 23, 2020; 03:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-21101

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Published: April 23, 2020; 03:15:11 PM -04:00
V3.1: 8.0 HIGH
    V2: 5.2 MEDIUM
CVE-2020-8797

Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network.

Published: April 23, 2020; 02:15:11 PM -04:00
V3.1: 6.7 MEDIUM
    V2: 6.9 MEDIUM
CVE-2020-7132

A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following software updates and mitigation information available to resolve the vulnerability in HPE Onboard Administrator: OA 4.95 (Linux and Windows).

Published: April 23, 2020; 02:15:11 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-12113

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

Published: April 23, 2020; 02:15:11 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-12112

BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion.

Published: April 23, 2020; 02:15:11 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-12105

OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.

Published: April 23, 2020; 01:15:12 PM -04:00
V3.1: 5.9 MEDIUM
    V2: 4.3 MEDIUM