Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2872 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.0 HIGH | 7.2 HIGH |
| Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges. | |||||
| CVE-2017-2857 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2856 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2854 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.3 HIGH | 8.1 HIGH |
| An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | |||||
| CVE-2017-2874 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. | |||||
| CVE-2017-2860 | 1 Natus | 1 Xltek Neuroworks | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2858 | 1 Natus | 1 Xltek Neuroworks | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2852 | 1 Natus | 1 Xltek Neuroworks | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2017-2885 | 3 Debian, Gnome, Redhat | 8 Debian Linux, Libsoup, Enterprise Linux Desktop and 5 more | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability. | |||||
| CVE-2017-2835 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-07 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | |||||
| CVE-2017-2834 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2022-06-07 | 6.8 MEDIUM | 7.0 HIGH |
| An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | |||||
| CVE-2017-2833 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 8.5 HIGH | 7.5 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. | |||||
| CVE-2017-2832 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 9.0 HIGH | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2017-2871 | 1 Foscam | 2 C1, C1 Firmware | 2022-06-07 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. | |||||
| CVE-2017-2895 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 6.4 MEDIUM | 8.2 HIGH |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2894 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2893 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2892 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2891 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. | |||||
| CVE-2018-4036 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 2.1 LOW | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | |||||