|
251501
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-18870
|
2024-11-21 12:21 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251502
|
2.5 |
LOW
Local
|
chownr_project
|
chownr
|
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2017-18869
|
2024-11-21 12:21 |
2020-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251503
|
7.7 |
HIGH
Network
|
digi
|
xbee_2_firmware
|
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-18868
|
2024-11-21 12:21 |
2020-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251504
|
6.8 |
MEDIUM
Physics
|
netgear
|
d6100_firmware
d7800_firmware
r7100lg_firmware
wndr4300_firmware
wndr4500_firmware
|
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90,…
|
CWE-20
Improper Input Validation
|
CVE-2017-18867
|
2024-11-21 12:21 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251505
|
6.1 |
MEDIUM
Network
|
netgear
|
6r7500_firmware
r6100_firmware
r7500_firmware
r7800_firmware
r9000_firmware
wndr4300_firmware
wnr2000_firmware
|
Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 befor…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18866
|
2024-11-21 12:21 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251506
|
6.8 |
MEDIUM
Adjacent
|
netgear
|
r8500_firmware
r8300_firmware
|
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-18865
|
2024-11-21 12:21 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251507
|
8.8 |
HIGH
Adjacent
|
netgear
|
r6400_firmware
r6700_firmware
r6900_firmware
r6900p_firmware
r7000_firmware
r7000p_firmware
r7100lg_firmware
r7300_firmware
r7900_firmware
r8300_firmware
r8500_firmware
|
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7…
|
CWE-120
Classic Buffer Overflow
|
CVE-2017-18864
|
2024-11-21 12:21 |
2020-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251508
|
6.7 |
MEDIUM
Local
|
netgear
|
readynas_os_firmware
|
NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.
|
CWE-74
Injection
|
CVE-2017-18856
|
2024-11-21 12:21 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251509
|
8.8 |
HIGH
Adjacent
|
netgear
|
wnr854t_firmware
|
NETGEAR WNR854T devices before 1.5.2 are affected by command execution.
|
CWE-74
Injection
|
CVE-2017-18855
|
2024-11-21 12:21 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251510
|
6.7 |
MEDIUM
Local
|
netgear
|
readynas_os_firmware
|
NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.
|
CWE-74
Injection
|
CVE-2017-18854
|
2024-11-21 12:21 |
2020-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
