|
252111
|
9.8 |
CRITICAL
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14624
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252112
|
8.1 |
HIGH
Network
|
go-ldap_project
|
ldap
|
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (…
|
CWE-287
Improper Authentication
|
CVE-2017-14623
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252113
|
5.4 |
MEDIUM
Network
|
suse
|
portus
|
Portus 2.2.0 has XSS via the Team field, related to typeahead.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14621
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252114
|
6.1 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14619
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252115
|
4.8 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14618
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252116
|
7.8 |
HIGH
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
|
CWE-20
Improper Input Validation
|
CVE-2017-14617
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252117
|
7.5 |
HIGH
Network
|
watchguard
|
fireware
|
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, l…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-14616
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252118
|
6.1 |
MEDIUM
Network
|
watchguard
|
fireware
|
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be con…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14615
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252119
|
7.8 |
HIGH
Local
|
bareos
|
bareos
|
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary pro…
|
CWE-665
Improper Initialization
|
CVE-2017-14610
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252120
|
7.8 |
HIGH
Local
|
kannel
|
kannel
|
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to thi…
|
CWE-665
Improper Initialization
|
CVE-2017-14609
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
