Export limit exceeded: 337273 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337273 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52020 | 1 Netgear | 5 R6400 Firmware, R7000p Firmware, R8500 and 2 more | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-52019 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51012 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51009 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51005 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | 8 High |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51013 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51015 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | ||||
| CVE-2024-51017 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51018 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51019 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-51020 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-52028 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-52029 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2024-52030 | 1 Netgear | 2 R7000p, R7000p Firmware | 2025-05-02 | 5.7 Medium |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2017-9844 | 1 Sap | 1 Netweaver | 2025-05-02 | 7.5 High |
| SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. NOTE: The vendor states that the devserver package of Visual Composer deserializes a malicious object that may cause legitimate users accessing a service, either by crashing or flooding the service. | ||||
| CVE-2022-37912 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-37903 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| A vulnerability exists that allows an authenticated attacker to overwrite an arbitrary file with attacker-controlled content via the web interface. Successful exploitation of this vulnerability could lead to full compromise the underlying host operating system. | ||||
| CVE-2022-37902 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2025-05-02 | 7.2 High |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | ||||
| CVE-2022-24309 | 1 Mendix | 1 Mendix | 2025-05-02 | 6.8 Medium |
| A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. | ||||
| CVE-2016-1585 | 1 Canonical | 1 Apparmor | 2025-05-02 | 9.8 Critical |
| In all versions of AppArmor mount rules are accidentally widened when compiled. | ||||