|
252511
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL P…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14739
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252512
|
5.5 |
MEDIUM
Local
|
botan_project
debian
|
botan
debian_linux
|
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as d…
|
NVD-CWE-noinfo
|
CVE-2017-14737
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252513
|
6.1 |
MEDIUM
Network
|
antisamy_project
|
antisamy
|
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14735
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252514
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14734
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252515
|
6.5 |
MEDIUM
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and a…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14733
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252516
|
6.5 |
MEDIUM
Network
|
libofx_project
|
libofx
|
ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an of…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14731
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252517
|
7.8 |
HIGH
Local
|
elasticsearch
|
logstash
|
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-14730
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252518
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14729
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252519
|
8.8 |
HIGH
Network
|
geminabox_project
|
geminabox
|
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
|
CWE-352
Origin Validation Error
|
CVE-2017-14683
|
2024-11-21 12:13 |
2017-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252520
|
7.5 |
HIGH
Network
|
weechat
|
logger
|
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14727
|
2024-11-21 12:13 |
2017-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
