|
197931
|
6.5 |
MEDIUM
Adjacent
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted ne…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-12096
|
2024-11-21 12:08 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197932
|
6.5 |
MEDIUM
Adjacent
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attac…
|
CWE-77
Command Injection
|
CVE-2017-12094
|
2024-11-21 12:08 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197933
|
9.8 |
CRITICAL
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An atta…
|
NVD-CWE-noinfo
|
CVE-2017-12085
|
2024-11-21 12:08 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197934
|
6.6 |
MEDIUM
Network
|
meetcircle
|
circle_with_disney_firmware
|
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulti…
|
CWE-862
Missing Authorization
|
CVE-2017-12084
|
2024-11-21 12:08 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197935
|
5.3 |
MEDIUM
Network
|
meetcircle
|
circle_with_disney_firmware
|
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump stri…
|
CWE-200
Information Exposure
|
CVE-2017-12083
|
2024-11-21 12:08 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197936
|
9.8 |
CRITICAL
Network
|
microsoft
|
chakracore
|
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11767
|
2024-11-21 12:08 |
2017-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197937
|
7.2 |
HIGH
Network
|
redhat
|
keycloak
|
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission re…
|
CWE-287
Improper Authentication
|
CVE-2017-12160
|
2024-11-21 12:08 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197938
|
7.5 |
HIGH
Network
|
redhat
keycloak
|
single_sign_on
keycloak
|
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible …
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-12159
|
2024-11-21 12:08 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197939
|
5.4 |
MEDIUM
Network
|
redhat
keycloak
|
single_sign_on
keycloak
|
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain …
|
CWE-79
Cross-site Scripting
|
CVE-2017-12158
|
2024-11-21 12:08 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197940
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_server_2016
windows_10
|
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2017-11829
|
2024-11-21 12:08 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
