|
247781
|
9.8 |
CRITICAL
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password strin…
|
CWE-287
Improper Authentication
|
CVE-2017-5619
|
2024-11-21 12:28 |
2017-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247782
|
9.8 |
CRITICAL
Network
|
oneplus
|
oxygenos
|
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking…
|
NVD-CWE-noinfo
|
CVE-2017-5626
|
2024-11-21 12:28 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247783
|
9.8 |
CRITICAL
Network
|
oneplus
|
oxygenos
|
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the (locked) bootloader start the platform with dm-verity disabled, by issuing the 'fastboot …
|
CWE-269
Improper Privilege Management
|
CVE-2017-5624
|
2024-11-21 12:28 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247784
|
9.8 |
CRITICAL
Network
|
cambiumnetworks
|
cnpilot_r200_series_firmware
|
On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and its RSA keys, aka RBN-183.
|
NVD-CWE-noinfo
|
CVE-2017-5859
|
2024-11-21 12:28 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247785
|
7.5 |
HIGH
Network
|
unisys
|
clearpath_mcp
|
The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to c…
|
CWE-20
Improper Input Validation
|
CVE-2017-5872
|
2024-11-21 12:28 |
2017-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247786
|
7.5 |
HIGH
Network
|
intel
|
quickassist_technology_engine
|
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-cha…
|
NVD-CWE-noinfo
|
CVE-2017-5681
|
2024-11-21 12:28 |
2017-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247787
|
7.5 |
HIGH
Network
|
syspass
|
syspass
|
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() fu…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-5999
|
2024-11-21 12:28 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247788
|
8.0 |
HIGH
Network
|
d-link
|
di-524_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (…
|
CWE-352
Origin Validation Error
|
CVE-2017-5633
|
2024-11-21 12:28 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247789
|
6.5 |
MEDIUM
Network
|
owncloud
|
owncloud
|
ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a o…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-5867
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247790
|
4.3 |
MEDIUM
Network
|
owncloud
|
owncloud
|
The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensit…
|
CWE-200
Information Exposure
|
CVE-2017-5866
|
2024-11-21 12:28 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
