Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-02-27 CVE-2017-6343 Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.
network | high complexity | dahuasecurity | CWE-287 | 8.1

2017-02-27 CVE-2017-6342 Improper Privilege Management vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19.
network | low complexity | dahuasecurity | CWE-269 | critical 9.8

2017-02-27 CVE-2017-6341 Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.
network | high complexity | dahuasecurity | CWE-319 | 5.9

2017-02-27 CVE-2017-6297 Missing Encryption of Sensitive Data vulnerability in Mikrotik Routeros 6.37.4/6.83.3
The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
network | high complexity | mikrotik | CWE-311 | 5.9

2017-02-27 CVE-2017-5946 Path Traversal vulnerability in multiple products
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability.
network | low complexity | rubyzip-project debian | CWE-22 | critical 9.8

2017-02-27 CVE-2017-5928 Unspecified vulnerability in W3 High Resolution Time API
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.
network | high complexity | w3 | 3.7

2017-02-27 CVE-2017-5927 Information Exposure vulnerability in multiple products
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors.
network | low complexity | intel amd samsung nvidia allwinner | CWE-200 | 7.5

2017-02-27 CVE-2017-5926 Information Exposure vulnerability in multiple products
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors.
network | low complexity | intel amd samsung nvidia allwinner | CWE-200 | 7.5

2017-02-27 CVE-2017-5925 Information Exposure vulnerability in multiple products
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors.
network | low complexity | intel amd samsung nvidia allwinner | CWE-200 | 7.5

2017-02-26 CVE-2017-0037 Type Confusion vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
network | high complexity | microsoft | CWE-843 | 8.1