|
252841
|
7.8 |
HIGH
Local
|
tgsoft
|
vir.it_explorer
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoContr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16948
|
2024-11-21 12:17 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252842
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-16946
|
2024-11-21 12:17 |
2017-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252843
|
7.5 |
HIGH
Network
|
exim
debian
|
exim
debian_linux
|
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-16944
|
2024-11-21 12:17 |
2017-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252844
|
9.8 |
CRITICAL
Network
|
exim
debian
|
exim
debian_linux
|
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BD…
|
CWE-416
Use After Free
|
CVE-2017-16943
|
2024-11-21 12:17 |
2017-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252845
|
6.5 |
MEDIUM
Network
|
libsndfile_project
|
libsndfile
|
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
|
CWE-369
Divide By Zero
|
CVE-2017-16942
|
2024-11-21 12:17 |
2017-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252846
|
8.8 |
HIGH
Network
|
octobercms
|
october
|
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-16941
|
2024-11-21 12:17 |
2017-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252847
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV…
|
CWE-416
Use After Free
|
CVE-2017-16939
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252848
|
7.8 |
HIGH
Local
|
optipng_project
|
optipng
|
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolle…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16938
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252849
|
6.5 |
MEDIUM
Adjacent
|
tenda
|
ac9_firmware
ac15_firmware
ac18_firmware
|
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US…
|
CWE-22
Path Traversal
|
CVE-2017-16936
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252850
|
9.8 |
CRITICAL
Network
|
ametys
|
ametys
|
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
|
CWE-20
Improper Input Validation
|
CVE-2017-16935
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
