CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000361 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
2 CVE-2017-1000360 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launches exceptions in the console. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
3 CVE-2017-1000359 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.
4 CVE-2017-1000358 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Component: OpenDaylight odl-restconf feature contains this flaw. Version: OpenDaylight 4.0 is affected by this flaw.
5 CVE-2017-1000357 DoS 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for the OpenFlow communication. Version: OpenDaylight versions 3.3 and 4.0 are affected by this flaw. Java version is openjdk version 1.8.0_91.
6 CVE-2017-8284 +Priv 2017-04-26 2017-04-26
0.0
None ??? ??? ??? ??? ??? ???
** DISPUTED ** The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes."
7 CVE-2017-8283 Dir. Trav. 2017-04-26 2017-04-26
0.0
None ??? ??? ??? ??? ??? ???
dpkg-source in dpkg through 1.8.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.
8 CVE-2017-8225 Bypass 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.
9 CVE-2017-8224 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
10 CVE-2017-8223 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
11 CVE-2017-8222 +Info 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information.
12 CVE-2017-8221 +Info 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network.
13 CVE-2017-8220 Exec Code 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
14 CVE-2017-8219 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
15 CVE-2017-8218 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
16 CVE-2017-8217 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
17 CVE-2017-8115 Dir. Trav. +Info 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.
18 CVE-2017-8110 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.
19 CVE-2017-8109 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
The salt-ssh minion code in SaltStack Salt before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).
20 CVE-2017-8106 DoS 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
21 CVE-2017-8105 Overflow 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
22 CVE-2017-8104 Dir. Trav. 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.
23 CVE-2017-8103 XSS 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
24 CVE-2017-8102 XSS 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
25 CVE-2017-8101 CSRF 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request.
26 CVE-2017-8100 CSRF 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
There is CSRF in the CopySafe Web Protection plugin before 2.6 for WordPress, allowing attackers to change plugin settings.
27 CVE-2017-8099 CSRF 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.
28 CVE-2017-8098 CSRF 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.
29 CVE-2017-8085 XSS 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php.
30 CVE-2017-8082 DoS CSRF 2017-04-24 2017-04-24
0.0
None ??? ??? ??? ??? ??? ???
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&imgData= URI. This results in a site-wide denial of service making the site not accessible to any users or any administrators.
31 CVE-2017-8078 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
32 CVE-2017-8077 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
33 CVE-2017-8076 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
34 CVE-2017-8075 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
35 CVE-2017-8074 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
36 CVE-2017-8073 Overflow 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
37 CVE-2017-8072 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.
38 CVE-2017-8071 DoS 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.
39 CVE-2017-8070 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
40 CVE-2017-8069 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
41 CVE-2017-8068 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
42 CVE-2017-8067 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
43 CVE-2017-8066 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
44 CVE-2017-8065 DoS Mem. Corr. 2017-04-23 2017-04-23
0.0
None ??? ??? ??? ??? ??? ???
crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
45 CVE-2017-8064 DoS Mem. Corr. 2017-04-23 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
46 CVE-2017-8063 DoS 2017-04-23 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
47 CVE-2017-8062 DoS Mem. Corr. 2017-04-23 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
48 CVE-2017-8061 DoS Mem. Corr. 2017-04-23 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
49 CVE-2017-8057 2017-04-25 2017-04-25
0.0
None ??? ??? ??? ??? ??? ???
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
50 CVE-2017-8056 DoS 2017-04-22 2017-04-22
0.0
None ??? ??? ??? ??? ??? ???
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends all authenticated sessions to the Firebox, including management connections, and prevents new authenticated sessions until the process has recovered. The Firebox may also experience an overall degradation in performance while the wgagent process recovers. An attacker could continuously send XML-RPC requests that contain references to external entities to perform a limited Denial of Service (DoS) attack against an affected Firebox.
Total number of vulnerabilities : 4612   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.