|
251091
|
8.8 |
HIGH
Adjacent
|
samsung
|
magician
|
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-3218
|
2024-11-21 12:25 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251092
|
9.8 |
CRITICAL
Network
|
greenpacket
huawei
mada
zte
zyxel
|
ox350_firmware
bm2022_firmware
hes-309m_firmware
hes-319m_firmware
hes-319m2w_firmware
hes-339m_firmware
soho_wireless_router_firmware
ox-330p_firmware
max218m_firmware
max…
|
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-3216
|
2024-11-21 12:25 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251093
|
5.3 |
MEDIUM
Network
|
milwaukee
|
one-key
|
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-3215
|
2024-11-21 12:25 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251094
|
7.5 |
HIGH
Network
|
milwaukeetool
|
one-key
|
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2017-3214
|
2024-11-21 12:25 |
2017-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251095
|
5.9 |
MEDIUM
Network
|
think_mutual_bank
|
think_mutual_bank_mobile_banking_app
|
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-3213
|
2024-11-21 12:25 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251096
|
5.9 |
MEDIUM
Network
|
sccu
|
space_coast_credit_union
|
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-3212
|
2024-11-21 12:25 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251097
|
7.1 |
HIGH
Network
|
oracle
|
one-to-one_fulfillment
|
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily …
|
NVD-CWE-noinfo
|
CVE-2017-3434
|
2024-11-21 12:25 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251098
|
7.1 |
HIGH
Network
|
oracle
|
marketing
|
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and …
|
NVD-CWE-noinfo
|
CVE-2017-3356
|
2024-11-21 12:25 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251099
|
7.1 |
HIGH
Network
|
oracle
|
marketing
|
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and …
|
NVD-CWE-noinfo
|
CVE-2017-3355
|
2024-11-21 12:25 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251100
|
7.1 |
HIGH
Network
|
oracle
|
marketing
|
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and …
|
NVD-CWE-noinfo
|
CVE-2017-3347
|
2024-11-21 12:25 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
