|
250381
|
7.8 |
HIGH
Local
|
optipng_project
|
optipng
|
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolle…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16938
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250382
|
6.5 |
MEDIUM
Adjacent
|
tenda
|
ac9_firmware
ac15_firmware
ac18_firmware
|
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US…
|
CWE-22
Path Traversal
|
CVE-2017-16936
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250383
|
9.8 |
CRITICAL
Network
|
ametys
|
ametys
|
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
|
CWE-20
Improper Input Validation
|
CVE-2017-16935
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250384
|
9.8 |
CRITICAL
Network
|
dbltek
|
web_server
|
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
|
CWE-78
OS Command
|
CVE-2017-16934
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250385
|
7.0 |
HIGH
Local
|
icinga
|
icinga
|
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16933
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250386
|
7.5 |
HIGH
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-16932
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250387
|
9.8 |
CRITICAL
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16931
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250388
|
8.4 |
HIGH
Local
|
neutrinolabs
debian
|
xrdp
debian_linux
|
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of servic…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16927
|
2024-11-21 12:17 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250389
|
7.8 |
HIGH
Local
|
gnu
|
ncurses
|
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16879
|
2024-11-21 12:17 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250390
|
9.8 |
CRITICAL
Network
|
ohcount_project
|
ohcount
|
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) t…
|
CWE-78
OS Command
|
CVE-2017-16926
|
2024-11-21 12:17 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
