|
|
Security Vulnerabilities
(CVSS score between 5 and 5.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5951 |
CVE-2017-8452 |
769 |
|
|
2017-06-16 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. |
|
5952 |
CVE-2017-8451 |
601 |
|
|
2017-06-16 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. |
|
5953 |
CVE-2017-8447 |
269 |
|
+Priv |
2017-09-28 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
|
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. |
|
5954 |
CVE-2017-8412 |
119 |
|
Exec Code Overflow |
2019-07-02 |
2019-07-10 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack. |
|
5955 |
CVE-2017-8409 |
285 |
|
|
2019-07-02 |
2019-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. |
|
5956 |
CVE-2017-8405 |
287 |
|
|
2019-07-02 |
2019-07-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. |
|
5957 |
CVE-2017-8398 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. |
|
5958 |
CVE-2017-8397 |
119 |
|
Overflow |
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
5959 |
CVE-2017-8396 |
20 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
5960 |
CVE-2017-8395 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |
|
5961 |
CVE-2017-8394 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. |
|
5962 |
CVE-2017-8393 |
125 |
|
|
2017-05-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. |
|
5963 |
CVE-2017-8392 |
476 |
|
|
2017-05-01 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. |
|
5964 |
CVE-2017-8388 |
|
|
Bypass |
2017-05-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. |
|
5965 |
CVE-2017-8385 |
640 |
|
|
2017-05-01 |
2017-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. |
|
5966 |
CVE-2017-8383 |
|
|
|
2017-05-01 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. |
|
5967 |
CVE-2017-8341 |
20 |
|
|
2019-05-22 |
2019-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. |
|
5968 |
CVE-2017-8308 |
269 |
|
Bypass |
2017-04-27 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense feature of the product, opening a door to subsequent attack on many of its components. |
|
5969 |
CVE-2017-8296 |
522 |
|
|
2017-04-27 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of the master password if the "password" command is used with an argument. The names of the password entries created and consulted are also accessible in cleartext. |
|
5970 |
CVE-2017-8294 |
125 |
|
DoS |
2017-04-27 |
2017-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function. |
|
5971 |
CVE-2017-8290 |
119 |
|
Overflow |
2017-07-06 |
2017-07-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A potential Buffer Overflow Vulnerability (from a BB Code handling issue) has been identified in TeamSpeak Server version 3.0.13.6 (08/11/2016 09:48:33), it enables the users to Crash any WINDOWS Client that clicked into a Vulnerable Channel of a TeamSpeak Server. |
|
5972 |
CVE-2017-8280 |
119 |
|
Overflow |
2017-09-21 |
2019-10-02 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. |
|
5973 |
CVE-2017-8279 |
362 |
|
|
2017-11-16 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information. |
|
5974 |
CVE-2017-8270 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. |
|
5975 |
CVE-2017-8266 |
416 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
|
5976 |
CVE-2017-8265 |
415 |
|
|
2017-08-18 |
2017-08-22 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. |
|
5977 |
CVE-2017-8229 |
255 |
|
|
2019-07-03 |
2019-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. |
|
5978 |
CVE-2017-8227 |
254 |
|
|
2019-07-03 |
2019-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value "Sender not authorized." |
|
5979 |
CVE-2017-8223 |
287 |
|
|
2017-04-25 |
2017-05-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. |
|
5980 |
CVE-2017-8222 |
522 |
|
+Info |
2017-04-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. |
|
5981 |
CVE-2017-8221 |
311 |
|
+Info |
2017-04-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
5982 |
CVE-2017-8217 |
|
|
|
2017-04-25 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. |
|
5983 |
CVE-2017-8213 |
295 |
|
|
2017-11-22 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. |
|
5984 |
CVE-2017-8182 |
125 |
|
|
2017-11-22 |
2017-12-11 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a out-of-bound read vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter and cause to memory out-of-bound read. |
|
5985 |
CVE-2017-8177 |
347 |
|
|
2017-11-22 |
2017-12-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking. |
|
5986 |
CVE-2017-8176 |
|
|
Bypass |
2018-03-20 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 versions has an authentication bypass vulnerability. An attacker could exploit this vulnerability to access the serial interface and modify the configuration. Successful exploit could lead to the authentication bypass and view channels by free. |
|
5987 |
CVE-2017-8174 |
326 |
|
+Info |
2017-11-22 |
2017-12-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links. |
|
5988 |
CVE-2017-8153 |
275 |
|
Exec Code +Info |
2017-11-22 |
2017-12-12 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak. |
|
5989 |
CVE-2017-8148 |
362 |
|
DoS |
2017-11-22 |
2017-12-12 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot. |
|
5990 |
CVE-2017-8147 |
20 |
|
|
2017-11-22 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 5800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 6800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 7800 with software V100R003C00, V100R005C00, V100R005C10, V100R006C00, V200R001C00,CloudEngine 8800 with software V100R006C00, V200R001C00,E600 V200R008C00,S12700 with software V200R005C00, V200R006C00, V200R007C00, V200R008C00,S1700 with software V100R006C00, V100R007C00, V200R006C00,S2300 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00,S2700 with software V100R005C00, V100R006C00, V100R006C03, V100R006C05, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R006C00, V200R007C00, V200R008C00,S5300 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S5700 with software V100R005C00, V100R006C00, V100R006C01, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S6300 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R008C00,S6700 with software V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R003C02, V200R003C10, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S7700 with software V100R003C00, V100R006C00, V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00,S9300 with software V100R001C00, V100R002C00, V100R003C00, V100R006C00, V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R008C10,S9700 with software V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00,Secospace USG6600 V500R001C00SPC050 have a MaxAge LSA vulnerability due to improper OSPF implementation. When the device receives special LSA packets, the LS (Link Status) age would be set to MaxAge, 3600 seconds. An attacker can exploit this vulnerability to poison the route table and launch a DoS attack. |
|
5991 |
CVE-2017-8121 |
200 |
|
+Info |
2017-11-22 |
2017-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak. |
|
5992 |
CVE-2017-8115 |
22 |
|
Dir. Trav. +Info |
2017-04-25 |
2017-05-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information. |
|
5993 |
CVE-2017-8104 |
22 |
|
Dir. Trav. |
2017-04-24 |
2017-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter. |
|
5994 |
CVE-2017-8099 |
352 |
|
CSRF |
2017-04-24 |
2017-04-28 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request. |
|
5995 |
CVE-2017-8078 |
287 |
|
|
2017-04-23 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. |
|
5996 |
CVE-2017-8077 |
798 |
|
|
2017-04-23 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. |
|
5997 |
CVE-2017-8075 |
532 |
|
|
2017-04-23 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. |
|
5998 |
CVE-2017-8074 |
532 |
|
|
2017-04-23 |
2017-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. |
|
5999 |
CVE-2017-8073 |
119 |
|
Overflow |
2017-04-23 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. |
|
6000 |
CVE-2017-8057 |
200 |
|
+Info |
2017-04-25 |
2017-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. |
|
|
