|
246931
|
9.8 |
CRITICAL
Network
|
ideablade
|
breeze.server.net
|
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-9424
|
2024-11-21 12:36 |
2017-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246932
|
6.5 |
MEDIUM
Network
|
libtiff
canonical
|
libtiff
ubuntu_linux
|
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9815
|
2024-11-21 12:36 |
2017-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246933
|
9.8 |
CRITICAL
Network
|
openwebif_project
|
openwebif
|
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key…
|
CWE-94
Code Injection
|
CVE-2017-9807
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246934
|
5.5 |
MEDIUM
Local
|
jasper_project
|
jasper
|
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9782
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246935
|
6.1 |
MEDIUM
Network
|
check_mk_project
|
check_mk
|
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username pa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9781
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246936
|
8.8 |
HIGH
Network
|
horde
|
horde_image_api
|
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
|
CWE-94
Code Injection
|
CVE-2017-9774
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246937
|
5.7 |
MEDIUM
Network
|
horde
|
horde_image
|
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
|
CWE-20
Improper Input Validation
|
CVE-2017-9773
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246938
|
7.8 |
HIGH
Local
|
flatpak
debian
|
flatpak
debian_linux
|
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9780
|
2024-11-21 12:36 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246939
|
5.5 |
MEDIUM
Local
|
gnu
|
gdb
|
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a …
|
CWE-20
CWE-770
Improper Input Validation
Allocation of Resources Without Limits or Throttling
|
CVE-2017-9778
|
2024-11-21 12:36 |
2017-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246940
|
9.8 |
CRITICAL
Network
|
websitebaker
|
websitebaker
|
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
|
CWE-94
Code Injection
|
CVE-2017-9771
|
2024-11-21 12:36 |
2017-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
