The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2017-8897 | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | MEDIUM | May 11, 2017 |
CVE-2017-8896 | ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. | MEDIUM | Jul 17, 2017 |
CVE-2017-8895 | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on. | HIGH | May 10, 2017 |
CVE-2017-8894 | AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. | Medium | Jul 7, 2017 |
CVE-2017-8893 | AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. | Medium | Jul 7, 2017 |
CVE-2017-8892 | Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | MEDIUM | May 10, 2017 |
CVE-2017-8891 | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | MEDIUM | May 10, 2017 |
CVE-2017-8890 | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | HIGH | May 10, 2017 |
CVE-2017-8879 | Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | MEDIUM | May 10, 2017 |
CVE-2017-8878 | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | MEDIUM | May 10, 2017 |
CVE-2017-8877 | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | MEDIUM | May 10, 2017 |
CVE-2017-8876 | Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | MEDIUM | May 10, 2017 |
CVE-2017-8875 | CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | MEDIUM | May 10, 2017 |
CVE-2017-8874 | Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | MEDIUM | May 10, 2017 |
CVE-2017-8872 | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | MEDIUM | May 10, 2017 |
CVE-2017-8871 | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | HIGH | Jun 12, 2017 |
CVE-2017-8870 | Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. | Medium | Aug 3, 2017 |
CVE-2017-8869 | Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. | Medium | Aug 2, 2017 |
CVE-2017-8868 | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | MEDIUM | May 10, 2017 |
CVE-2017-8867 | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | MEDIUM | Dec 11, 2017 |
CVE-2017-8866 | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | MEDIUM | Dec 11, 2017 |
CVE-2017-8865 | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. | MEDIUM | Dec 11, 2017 |
CVE-2017-8864 | Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side if (!passwordsAreEqual()) test. | HIGH | Nov 22, 2017 |
CVE-2017-8863 | Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser. | MEDIUM | Nov 22, 2017 |
CVE-2017-8862 | The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with root privileges. | HIGH | Nov 22, 2017 |
CVE-2017-8861 | Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. | HIGH | Nov 22, 2017 |
CVE-2017-8860 | Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a GET // HTTP/1.1 request. | MEDIUM | Nov 22, 2017 |
CVE-2017-8859 | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | HIGH | May 11, 2017 |
CVE-2017-8858 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | HIGH | May 11, 2017 |
CVE-2017-8857 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | HIGH | May 11, 2017 |
CVE-2017-8856 | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | HIGH | May 11, 2017 |
CVE-2017-8855 | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | MEDIUM | May 9, 2017 |
CVE-2017-8854 | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | MEDIUM | May 9, 2017 |
CVE-2017-8853 | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | MEDIUM | May 9, 2017 |
CVE-2017-8852 | SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. | MEDIUM | May 10, 2017 |
CVE-2017-8851 | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA. | MEDIUM | May 11, 2017 |
CVE-2017-8850 | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). | MEDIUM | May 11, 2017 |
CVE-2017-8849 | smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. | HIGH | May 17, 2017 |
CVE-2017-8848 | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | MEDIUM | May 8, 2017 |
CVE-2017-8847 | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8846 | The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8845 | The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8844 | The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8843 | The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8842 | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. | MEDIUM | May 8, 2017 |
CVE-2017-8841 | Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | HIGH | Jun 5, 2017 |
CVE-2017-8840 | Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. | MEDIUM | Jun 5, 2017 |
CVE-2017-8839 | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi. | MEDIUM | Jun 5, 2017 |
CVE-2017-8838 | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. | MEDIUM | Jun 5, 2017 |
CVE-2017-8837 | Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | MEDIUM | Jun 5, 2017 |