| 247361 | 7.8 | HIGH Local | artifex | ghostscript_ghostxps | The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possi… | CWE-125 Out-of-bounds Read | CVE-2017-9610 | 2024-11-21 12:36 | 2017-07-27 |
| 247362 | 8.8 | HIGH Network | subsonic | subsonic | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a p… | CWE-352 Origin Validation Error | CVE-2017-9413 | 2024-11-21 12:36 | 2017-07-26 |
| 247363 | 6.7 | MEDIUM Local | compulab | intense_pc_firmware | Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrat… | CWE-20 Improper Input Validation | CVE-2017-9457 | 2024-11-21 12:36 | 2017-07-25 |
| 247364 | 5.3 | MEDIUM Network | synology | diskstation_manager | An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. | CWE-200 Information Exposure | CVE-2017-9554 | 2024-11-21 12:36 | 2017-07-25 |
| 247365 | 7.5 | HIGH Network | synology | diskstation_manager | A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | NVD-CWE-noinfo | CVE-2017-9553 | 2024-11-21 12:36 | 2017-07-25 |
| 247366 | 7.5 | HIGH Network | subsonic | subsonic | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change password… | CWE-352 Origin Validation Error | CVE-2017-9415 | 2024-11-21 12:36 | 2017-07-21 |
| 247367 | 9.8 | CRITICAL Network | nancyfx | nancy | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | CWE-502 Deserialization of Untrusted Data | CVE-2017-9785 | 2024-11-21 12:36 | 2017-07-20 |
| 247368 | 8.1 | HIGH Network | genivia | gsoap | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denia… | CWE-190 Integer Overflow or Wraparound | CVE-2017-9765 | 2024-11-21 12:36 | 2017-07-20 |
| 247369 | 6.1 | MEDIUM Network | metinfo | metinfo | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in… | CWE-79 Cross-site Scripting | CVE-2017-9764 | 2024-11-21 12:36 | 2017-07-19 |
| 247370 | 6.1 | MEDIUM Network | kaspersky | anti-virus_for_linux_server | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site sc… | CWE-79 Cross-site Scripting | CVE-2017-9813 | 2024-11-21 12:36 | 2017-07-18 |