|
247161
|
4.3 |
MEDIUM
Network
|
openstack
|
swift
|
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these log…
|
CWE-200
Information Exposure
|
CVE-2017-8761
|
2024-11-21 12:34 |
2021-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247162
|
8.8 |
HIGH
Adjacent
|
dlink
|
dcs-1100_firmware
dcs-1130_firmware
|
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the…
|
CWE-255
Credentials Management
|
CVE-2017-8417
|
2024-11-21 12:34 |
2019-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247163
|
7.2 |
HIGH
Network
|
open-xchange
|
ox_cloud
|
Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.
|
CWE-285
Improper Authorization
|
CVE-2017-8777
|
2024-11-21 12:34 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247164
|
5.4 |
MEDIUM
Network
|
synacor
|
zimbra_collaboration_suite
|
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8783
|
2024-11-21 12:34 |
2018-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247165
|
7.8 |
HIGH
Local
|
cisecurity
|
cis-cat_pro_dashboard
|
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, the…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-8916
|
2024-11-21 12:34 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247166
|
5.4 |
MEDIUM
Network
|
synocor
|
zimbra_collaboration_suite
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Sho…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8802
|
2024-11-21 12:34 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247167
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map e…
|
NVD-CWE-noinfo
|
CVE-2017-8867
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247168
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traff…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-8866
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247169
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP tr…
|
CWE-200
Information Exposure
|
CVE-2017-8865
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247170
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system…
|
CWE-416
Use After Free
|
CVE-2017-8824
|
2024-11-21 12:34 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
