CVE-2017-8078 CVSS:0.0
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8077 CVSS:0.0
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8076 CVSS:0.0
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8075 CVSS:0.0
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8074 CVSS:0.0
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8073 CVSS:0.0
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8072 CVSS:0.0
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8071 CVSS:0.0
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8070 CVSS:0.0
drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. (Last Update:2017-04-23) (Publish Update:2017-04-23)
CVE-2017-8069 CVSS:0.0
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. (Last Update:2017-04-23) (Publish Update:2017-04-23)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com