|
253631
|
5.4 |
MEDIUM
Network
|
atlassian
|
crucible
|
The view review history resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18089
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253632
|
7.5 |
HIGH
Network
|
apple
debian
canonical
|
cups
debian_linux
ubuntu_linux
|
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemo…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-18190
|
2024-11-21 12:19 |
2018-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253633
|
7.5 |
HIGH
Network
|
sound_exchange_project
debian
|
sound_exchange
debian_linux
|
In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allo…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-18189
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253634
|
4.3 |
MEDIUM
Network
|
atlassian
|
bitbucket
|
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 be…
|
CWE-20
Improper Input Validation
|
CVE-2017-18088
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253635
|
7.5 |
HIGH
Network
|
atlassian
|
bitbucket
|
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5…
|
NVD-CWE-noinfo
|
CVE-2017-18087
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253636
|
5.5 |
MEDIUM
Local
|
openr
|
opentmpfiles
|
OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks sysctl is turned off, allows local users to obtain ownership of arbitrary files by creating a hard link inside a directory on which …
|
CWE-59
Link Following
|
CVE-2017-18188
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253637
|
9.8 |
CRITICAL
Network
|
arm
debian
|
mbed_tls
debian_linux
|
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-18187
|
2024-11-21 12:19 |
2018-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253638
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-18186
|
2024-11-21 12:19 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253639
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18185
|
2024-11-21 12:19 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253640
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18184
|
2024-11-21 12:19 |
2018-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
