|
257181
|
5.9 |
MEDIUM
Network
|
att
|
u-verse_firmware
|
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows rem…
|
CWE-287
Improper Authentication
|
CVE-2017-14117
|
2024-11-21 12:12 |
2017-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257182
|
8.1 |
HIGH
Network
|
att
|
u-verse_firmware
|
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14116
|
2024-11-21 12:12 |
2017-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257183
|
8.1 |
HIGH
Network
|
att
|
u-verse_firmware
|
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5S…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14115
|
2024-11-21 12:12 |
2017-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257184
|
6.5 |
MEDIUM
Network
|
rtpproxy
|
rtpproxy
|
RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers…
|
CWE-200
Information Exposure
|
CVE-2017-14114
|
2024-11-21 12:12 |
2017-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257185
|
9.8 |
CRITICAL
Network
|
digium
|
asterisk
certified_asterisk
|
In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. Th…
|
CWE-78
OS Command
|
CVE-2017-14100
|
2024-11-21 12:12 |
2017-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257186
|
7.5 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data di…
|
CWE-200
Information Exposure
|
CVE-2017-14099
|
2024-11-21 12:12 |
2017-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257187
|
7.5 |
HIGH
Network
|
digium
|
asterisk
|
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
|
CWE-20
Improper Input Validation
|
CVE-2017-14098
|
2024-11-21 12:12 |
2017-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257188
|
7.5 |
HIGH
Network
|
netapp
|
oncommand_unified_manager_for_clustered_data_ontap
|
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to captur…
|
CWE-200
Information Exposure
|
CVE-2017-14053
|
2024-11-21 12:12 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257189
|
6.5 |
MEDIUM
Network
|
libzip
debian
|
libzip
debian_linux
|
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-14107
|
2024-11-21 12:12 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257190
|
7.8 |
HIGH
Local
|
aerohive
|
hivemanager_classic
|
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An au…
|
CWE-20
Improper Input Validation
|
CVE-2017-14105
|
2024-11-21 12:12 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
