|
248781
|
9.8 |
CRITICAL
Network
|
humaxdigital
|
hg100r_firmware
|
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup,…
|
CWE-306
CWE-522
Missing Authentication for Critical Function
Insufficiently Protected Credentials
|
CVE-2017-7315
|
2024-11-21 12:31 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248782
|
7.5 |
HIGH
Network
|
ntop
|
ntopng
|
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7458
|
2024-11-21 12:31 |
2017-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248783
|
7.5 |
HIGH
Network
|
ntop
|
ntopng
|
ntopng before 3.0 allows HTTP Response Splitting.
|
CWE-74
Injection
|
CVE-2017-7459
|
2024-11-21 12:31 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248784
|
6.1 |
MEDIUM
Network
|
ntop
|
ntopng
|
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7416
|
2024-11-21 12:31 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248785
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
|
CWE-415
Double Free
|
CVE-2017-7373
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248786
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
|
CWE-119
CWE-362
Incorrect Access of Indexable Resource ('Range Error')
Race Condition
|
CVE-2017-7372
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248787
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
|
CWE-416
Use After Free
|
CVE-2017-7371
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248788
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
|
CWE-416
Use After Free
|
CVE-2017-7370
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248789
|
7.8 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
|
CWE-20
Improper Input Validation
|
CVE-2017-7369
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248790
|
7.0 |
HIGH
Local
|
google
|
android
|
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
|
CWE-362
Race Condition
|
CVE-2017-7368
|
2024-11-21 12:31 |
2017-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
