| 249511 | 5.3 | MEDIUM | Network | concretecms | concrete_cms | An issue was discovered in tools/conversations/view_ajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/requ… | NVD-CWE-noinfo | CVE-2017-18195 | 2024-11-21 12:19 | 2018-02-27 |
| 249512 | 9.8 | CRITICAL | Network | gnu | libcdio | An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. | CWE-415 Double Free | CVE-2017-18201 | 2024-11-21 12:19 | 2018-02-26 |
| 249513 | 5.5 | MEDIUM | Local | linux | linux_kernel | The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demon… | CWE-20 Improper Input Validation | CVE-2017-18200 | 2024-11-21 12:19 | 2018-02-26 |
| 249514 | 6.5 | MEDIUM | Network | gnu | libcdio | realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. | CWE-476 NULL Pointer Dereference | CVE-2017-18199 | 2024-11-21 12:19 | 2018-02-24 |
| 249515 | 8.8 | HIGH | Network | gnu | libcdio | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf… | CWE-125 Out-of-bounds Read | CVE-2017-18198 | 2024-11-21 12:19 | 2018-02-24 |
| 249516 | 9.8 | CRITICAL | Network | jgraph | mxgraph | In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView. | CWE-611 XXE | CVE-2017-18197 | 2024-11-21 12:19 | 2018-02-24 |
| 249517 | 3.3 | LOW | Local | leptonica | leptonica | Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrict… | CWE-22 Path Traversal | CVE-2017-18196 | 2024-11-21 12:19 | 2018-02-24 |
| 249518 | 9.8 | CRITICAL | Network | hamayeshnegar | hamayeshnegar_cms | SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter. | CWE-89 SQL Injection | CVE-2017-18194 | 2024-11-21 12:19 | 2018-02-23 |
| 249519 | 5.5 | MEDIUM | Local | linux | linux_kernel | fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-18193 | 2024-11-21 12:19 | 2018-02-23 |
| 249520 | 7.5 | HIGH | Network | photo\ video_locker-calculator_project | photo\ video_locker-calculator | smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. | CWE-200 Information Exposure | CVE-2017-18192 | 2024-11-21 12:19 | 2018-02-20 |