Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-74
Total 1756 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18786 1 Netgear 18 D6200, D6200 Firmware, Jnr1010 and 15 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
CVE-2017-18773 1 Netgear 18 D6100, D6100 Firmware, D7800 and 15 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.
CVE-2017-18767 1 Netgear 26 D7800, D7800 Firmware, D8500 and 23 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.
CVE-2017-18764 1 Netgear 50 D6100, D6100 Firmware, D7000 and 47 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
CVE-2017-18762 1 Netgear 24 D3600, D3600 Firmware, D6000 and 21 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
CVE-2017-18754 1 Netgear 6 Wndr3700, Wndr3700 Firmware, Wndr4300 and 3 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
CVE-2017-18737 1 Netgear 26 Jnr1010, Jnr1010 Firmware, Jr6150 and 23 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
CVE-2017-18736 1 Netgear 14 Jr6150, Jr6150 Firmware, R6050 and 11 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.
CVE-2017-18735 1 Netgear 12 Jr6150, Jr6150 Firmware, Pr2000 and 9 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.
CVE-2017-18734 1 Netgear 26 Jnr1010, Jnr1010 Firmware, Jr6150 and 23 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
CVE-2017-18652 1 Google 1 Android 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017).
CVE-2017-18634 1 Tagdiv 1 Newspaper 2024-11-21 7.5 HIGH 9.8 CRITICAL
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
CVE-2017-18605 1 Gravitatedesign 1 Gravitate Qa Tracker 2024-11-21 7.5 HIGH 9.8 CRITICAL
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.
CVE-2017-18604 1 Sitebuilder Dynamic Components Project 1 Sitebuilder Dynamic Components 2024-11-21 5.0 MEDIUM 7.5 HIGH
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.
CVE-2017-18583 1 Post Pay Counter Project 1 Post Pay Counter 2024-11-21 7.5 HIGH 9.8 CRITICAL
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection.
CVE-2017-18437 1 Cpanel 1 Cpanel 2024-11-21 3.6 LOW 4.4 MEDIUM
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
CVE-2017-18389 1 Cpanel 1 Cpanel 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
CVE-2017-18387 1 Cpanel 1 Cpanel 2024-11-21 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVE-2017-18386 1 Cpanel 1 Cpanel 2024-11-21 9.0 HIGH 7.2 HIGH
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVE-2017-18266 3 Canonical, Debian, Freedesktop 3 Ubuntu Linux, Debian Linux, Xdg-utils 2024-11-21 6.8 MEDIUM 8.8 HIGH
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.