|
250241
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and D…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-2909
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250242
|
7.5 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be in…
|
CWE-362
Race Condition
|
CVE-2017-2898
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250243
|
8.2 |
HIGH
Network
|
cesanta
|
mongoose
|
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bou…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-2895
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250244
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-2894
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250245
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-2893
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250246
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-2892
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250247
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed poi…
|
CWE-416
Use After Free
|
CVE-2017-2891
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250248
|
8.8 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An atta…
|
CWE-78
OS Command
|
CVE-2017-2890
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250249
|
7.5 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeated…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-2889
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250250
|
7.5 |
HIGH
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-2884
|
2024-11-21 12:24 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
