|
250231
|
7.8 |
HIGH
Local
|
apache
|
hadoop
|
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization me…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-3166
|
2024-11-21 12:24 |
2017-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250232
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while l…
|
CWE-416
Use After Free
|
CVE-2017-2922
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250233
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-2921
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250234
|
8.8 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker c…
|
CWE-78
OS Command
|
CVE-2017-2917
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250235
|
8.8 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwrit…
|
CWE-59
Link Following
|
CVE-2017-2916
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250236
|
8.0 |
HIGH
Adjacent
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell comm…
|
NVD-CWE-noinfo
|
CVE-2017-2915
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250237
|
8.1 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid b…
|
CWE-287
Improper Authentication
|
CVE-2017-2914
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250238
|
5.9 |
MEDIUM
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate t…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-2913
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250239
|
5.9 |
MEDIUM
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accep…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2017-2912
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250240
|
5.9 |
MEDIUM
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept…
|
CWE-297
Improper Validation of Certificate with Host Mismatch
|
CVE-2017-2911
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
