|
252841
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit …
|
CWE-79
Cross-site Scripting
|
CVE-2017-17825
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252842
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the …
|
CWE-89
SQL Injection
|
CVE-2017-17824
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252843
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne…
|
CWE-89
SQL Injection
|
CVE-2017-17823
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252844
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS…
|
CWE-89
SQL Injection
|
CVE-2017-17822
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252845
|
9.8 |
CRITICAL
Network
|
apple
|
safari
|
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17821
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252846
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
|
CWE-416
Use After Free
|
CVE-2017-17820
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252847
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17819
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252848
|
7.5 |
HIGH
Network
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17818
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252849
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
|
CWE-416
Use After Free
|
CVE-2017-17817
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252850
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
|
CWE-416
Use After Free
|
CVE-2017-17816
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
