|
248761
|
9.8 |
CRITICAL
Network
|
freetype
|
freetype
|
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8287
|
2024-11-21 12:33 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248762
|
7.0 |
HIGH
Local
|
qemu
|
qemu
|
The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain pri…
|
CWE-94
Code Injection
|
CVE-2017-8284
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248763
|
9.8 |
CRITICAL
Network
|
debian
|
dpkg
|
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire…
|
CWE-22
Path Traversal
|
CVE-2017-8283
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248764
|
9.8 |
CRITICAL
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-8225
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248765
|
9.8 |
CRITICAL
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-8224
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248766
|
7.5 |
HIGH
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
|
CWE-287
Improper Authentication
|
CVE-2017-8223
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248767
|
7.5 |
HIGH
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS Push Services" private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to o…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-8222
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248768
|
7.5 |
HIGH
Network
|
wificam
|
wireless_ip_camera_\(p2p\)_firmware
|
Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote atta…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-8221
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248769
|
9.9 |
CRITICAL
Network
|
tp-link
|
c2_firmware
c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP P…
|
CWE-78
OS Command
|
CVE-2017-8220
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248770
|
6.5 |
MEDIUM
Network
|
tp-link
|
c2_firmware
c20i_firmware
|
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
|
CWE-20
Improper Input Validation
|
CVE-2017-8219
|
2024-11-21 12:33 |
2017-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
