|
252211
|
6.1 |
MEDIUM
Network
|
antisamy_project
|
antisamy
|
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14735
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252212
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14734
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252213
|
6.5 |
MEDIUM
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and a…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14733
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252214
|
6.5 |
MEDIUM
Network
|
libofx_project
|
libofx
|
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an of…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14731
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252215
|
7.8 |
HIGH
Local
|
elasticsearch
|
logstash
|
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-14730
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252216
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14729
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252217
|
8.8 |
HIGH
Network
|
geminabox_project
|
geminabox
|
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
|
CWE-352
Origin Validation Error
|
CVE-2017-14683
|
2024-11-21 12:13 |
2017-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252218
|
7.5 |
HIGH
Network
|
weechat
|
logger
|
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14727
|
2024-11-21 12:13 |
2017-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252219
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14726
|
2024-11-21 12:13 |
2017-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252220
|
5.4 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
|
CWE-601
Open Redirect
|
CVE-2017-14725
|
2024-11-21 12:13 |
2017-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
