|
252291
|
9.1 |
CRITICAL
Network
|
libraw
|
libraw
|
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14608
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252292
|
8.1 |
HIGH
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memo…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14607
|
2024-11-21 12:13 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252293
|
6.5 |
MEDIUM
Network
|
gnome
debian
|
nautilus
debian_linux
|
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file…
|
CWE-20
Improper Input Validation
|
CVE-2017-14604
|
2024-11-21 12:13 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252294
|
7.5 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
|
NVD-CWE-noinfo
|
CVE-2017-14581
|
2024-11-21 12:13 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252295
|
4.9 |
MEDIUM
Network
|
pragyan_cms_project
|
pragyan_cms
|
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.
|
CWE-89
SQL Injection
|
CVE-2017-14601
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252296
|
4.9 |
MEDIUM
Network
|
pragyan_cms_project
|
pragyan_cms
|
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
|
CWE-89
SQL Injection
|
CVE-2017-14600
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252297
|
4.8 |
MEDIUM
Network
|
afterlogic
|
webmail
aurora
|
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14597
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252298
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14580
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252299
|
7.8 |
HIGH
Local
|
stdutility
|
stdu_viewer
|
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllG…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14579
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252300
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
|
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selectio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14578
|
2024-11-21 12:13 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
