|
247221
|
7.8 |
HIGH
Local
|
cisecurity
|
cis-cat_pro_dashboard
|
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, the…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-8916
|
2024-11-21 12:34 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247222
|
5.4 |
MEDIUM
Network
|
synocor
|
zimbra_collaboration_suite
|
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Sho…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8802
|
2024-11-21 12:34 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247223
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map e…
|
NVD-CWE-noinfo
|
CVE-2017-8867
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247224
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traff…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-8866
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247225
|
5.9 |
MEDIUM
Network
|
cognitoys
|
stemosaur_firmware
|
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP tr…
|
CWE-200
Information Exposure
|
CVE-2017-8865
|
2024-11-21 12:34 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247226
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system…
|
CWE-416
Use After Free
|
CVE-2017-8824
|
2024-11-21 12:34 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247227
|
8.1 |
HIGH
Network
|
tor_project
debian
|
tor
debian_linux
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point e…
|
CWE-416
Use After Free
|
CVE-2017-8823
|
2024-11-21 12:34 |
2017-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247228
|
3.7 |
LOW
Network
|
tor_project
debian
|
tor
debian_linux
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick th…
|
CWE-417
Channel and Path Errors
|
CVE-2017-8822
|
2024-11-21 12:34 |
2017-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247229
|
7.5 |
HIGH
Network
|
tor_project
debian
|
tor
debian_linux
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8821
|
2024-11-21 12:34 |
2017-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247230
|
7.5 |
HIGH
Network
|
tor_project
debian
|
tor
debian_linux
|
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer deref…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-8820
|
2024-11-21 12:34 |
2017-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
