| 248271 | 5.4 | MEDIUM, Network | cnvs | canvas | cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. | CWE-79 Cross-site Scripting | CVE-2017-8298 | 2024-11-21 12:33 | 2017-04-28 |
| 248272 | 9.8 | CRITICAL, Network | simple-file-manager_project | simple-file-manager | A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | CWE-22 Path Traversal | CVE-2017-8297 | 2024-11-21 12:33 | 2017-04-28 |
| 248273 | 7.5 | HIGH, Network | ked_password_manager_project | ked_password_manager | kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of … | CWE-522 Insufficiently Protected Credentials | CVE-2017-8296 | 2024-11-21 12:33 | 2017-04-28 |
| 248274 | 7.5 | HIGH, Network | virustotal | yara | libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_ex… | CWE-125 Out-of-bounds Read | CVE-2017-8294 | 2024-11-21 12:33 | 2017-04-27 |
| 248275 | 9.8 | CRITICAL, Network | riot_project | riot | Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attac… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8289 | 2024-11-21 12:33 | 2017-04-27 |
| 248276 | 8.1 | HIGH, Network | gnome | gnome-shell | gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch application… | CWE-20 Improper Input Validation | CVE-2017-8288 | 2024-11-21 12:33 | 2017-04-27 |
| 248277 | 9.8 | CRITICAL, Network | freetype | freetype | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8287 | 2024-11-21 12:33 | 2017-04-27 |
| 248278 | 7.0 | HIGH, Local | qemu | qemu | The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain pri… | CWE-94 Code Injection | CVE-2017-8284 | 2024-11-21 12:33 | 2017-04-26 |
| 248279 | 9.8 | CRITICAL, Network | debian | dpkg | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct dire… | CWE-22 Path Traversal | CVE-2017-8283 | 2024-11-21 12:33 | 2017-04-26 |
| 248280 | 9.8 | CRITICAL, Network | wificam | wireless_ip_camera_(p2p)_firmware | On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and… | CWE-522 Insufficiently Protected Credentials | CVE-2017-8225 | 2024-11-21 12:33 | 2017-04-26 |