CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2851 CVE-2017-18819 2020-04-21 2020-04-29
2.1
None Local Low Not required Partial None None
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.
2852 CVE-2017-18803 20 2020-04-21 2020-04-23
2.1
None Local Low Not required None Partial None
NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.
2853 CVE-2017-18798 20 2020-04-21 2020-04-24
2.1
None Local Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.
2854 CVE-2017-18797 200 +Info 2020-04-21 2020-04-27
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.
2855 CVE-2017-18790 200 +Info 2020-04-21 2020-04-27
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.
2856 CVE-2017-18789 200 +Info 2020-04-22 2020-04-23
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29.
2857 CVE-2017-18780 DoS 2020-04-22 2020-04-24
2.1
None Local Low Not required None None Partial
Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
2858 CVE-2017-18778 20 2020-04-22 2020-04-24
2.1
None Local Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
2859 CVE-2017-18777 522 2020-04-22 2020-04-24
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.
2860 CVE-2017-18769 200 +Info 2020-04-22 2020-04-23
2.1
None Local Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.
2861 CVE-2017-18673 20 2020-04-07 2020-04-08
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).
2862 CVE-2017-18646 287 Bypass 2020-04-08 2020-04-09
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).
2863 CVE-2017-18550 200 +Info 2019-08-19 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
2864 CVE-2017-18549 200 +Info 2019-08-19 2019-08-23
2.1
None Local Low Not required Partial None None
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
2865 CVE-2017-18465 20 2019-08-05 2019-08-12
2.1
None Local Low Not required None Partial None
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
2866 CVE-2017-18449 20 2019-08-02 2019-08-08
2.1
None Local Low Not required None Partial None
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).
2867 CVE-2017-18436 200 +Info 2019-08-02 2019-08-09
2.7
None Local Network Low ??? Partial None None
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
2868 CVE-2017-18432 200 +Info 2019-08-02 2019-08-12
2.1
None Local Low Not required Partial None None
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
2869 CVE-2017-18429 254 2019-08-02 2019-09-24
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
2870 CVE-2017-18427 275 2019-08-02 2019-08-12
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
2871 CVE-2017-18424 200 +Info 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
2872 CVE-2017-18423 532 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
2873 CVE-2017-18422 275 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
2874 CVE-2017-18421 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
2875 CVE-2017-18405 20 2019-08-02 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
2876 CVE-2017-18397 275 2019-08-02 2019-08-13
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
2877 CVE-2017-18392 20 2019-08-02 2019-08-13
2.1
None Remote High ??? None Partial None
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
2878 CVE-2017-18385 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
2879 CVE-2017-18384 284 2019-08-02 2019-08-06
2.1
None Local Low Not required Partial None None
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
2880 CVE-2017-18344 125 2018-07-26 2020-10-15
2.1
None Local Low Not required Partial None None
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
2881 CVE-2017-18332 200 +Info 2019-01-18 2019-01-25
2.1
None Local Low Not required Partial None None
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
2882 CVE-2017-18327 310 2019-01-03 2019-01-10
2.1
None Local Low Not required Partial None None
Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.
2883 CVE-2017-18326 200 +Info 2019-01-03 2019-10-03
2.1
None Local Low Not required Partial None None
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.
2884 CVE-2017-18324 200 +Info 2019-01-03 2019-10-03
2.1
None Local Low Not required Partial None None
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016.
2885 CVE-2017-18323 320 2019-01-03 2019-01-10
2.1
None Local Low Not required Partial None None
Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.
2886 CVE-2017-18322 200 +Info 2019-01-03 2019-10-03
2.1
None Local Low Not required Partial None None
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.
2887 CVE-2017-18321 200 +Info 2019-01-03 2019-01-25
2.1
None Local Low Not required Partial None None
Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660.
2888 CVE-2017-18319 320 +Info 2019-01-03 2019-01-10
2.1
None Local Low Not required Partial None None
Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.
2889 CVE-2017-18281 125 2018-10-29 2018-12-11
2.1
None Local Low Not required Partial None None
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel
2890 CVE-2017-18232 DoS 2018-03-15 2019-10-03
2.1
None Local Low Not required None None Partial
The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
2891 CVE-2017-18226 732 Exec Code 2018-03-12 2019-10-03
2.1
None Local Low Not required None None Partial
The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.
2892 CVE-2017-18216 476 DoS 2018-03-05 2018-10-30
2.1
None Local Low Not required None None Partial
In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
2893 CVE-2017-18204 DoS 2018-02-27 2019-10-03
2.1
None Local Low Not required None None Partial
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
2894 CVE-2017-18196 22 Dir. Trav. Bypass 2018-02-23 2019-10-03
2.1
None Local Low Not required Partial None None
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif.
2895 CVE-2017-18188 59 2018-02-14 2018-03-09
2.1
None Local Low Not required Partial None None
OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which "chown -R" will be run.
2896 CVE-2017-18043 190 DoS Overflow 2018-01-31 2019-03-07
2.1
None Local Low Not required None None Partial
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
2897 CVE-2017-18030 125 DoS 2018-01-23 2020-09-10
2.1
None Local Low Not required None None Partial
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.
2898 CVE-2017-17864 200 +Info 2017-12-27 2018-01-13
2.1
None Local Low Not required Partial None None
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
2899 CVE-2017-17807 862 2017-12-20 2019-10-03
2.1
None Local Low Not required None Partial None
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
2900 CVE-2017-17769 200 +Info 2018-03-30 2018-04-23
2.1
None Local Low Not required Partial None None
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 (This Page)59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.