| 251781 | 6.5 | MEDIUM Network | octopus | octopus_deploy | An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an att… | CWE-200 Information Exposure | CVE-2017-15610 | 2024-11-21 12:14 | 2017-10-19 |
| 251782 | 7.5 | HIGH Network | octopus | octopus_deploy | Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-15609 | 2024-11-21 12:14 | 2017-10-19 |
| 251783 | 7.5 | HIGH Network | gnu | libextractor | In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted s… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-15602 | 2024-11-21 12:14 | 2017-10-19 |
| 251784 | 7.5 | HIGH Network | gnu | libextractor | In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15601 | 2024-11-21 12:14 | 2017-10-19 |
| 251785 | 7.5 | HIGH Network | gnu | libextractor | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | CWE-476 NULL Pointer Dereference | CVE-2017-15600 | 2024-11-21 12:14 | 2017-10-19 |
| 251786 | 6.5 | MEDIUM Network | 3cx | 3cx | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf… | CWE-22 Path Traversal | CVE-2017-15359 | 2024-11-21 12:14 | 2017-10-19 |
| 251787 | 6.0 | MEDIUM Local | xen | xen | An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physma… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-15596 | 2024-11-21 12:14 | 2017-10-18 |
| 251788 | 8.8 | HIGH Local | xen | xen | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-15595 | 2024-11-21 12:14 | 2017-10-18 |
| 251789 | 8.8 | HIGH Local | xen | xen | An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotpl… | NVD-CWE-noinfo | CVE-2017-15594 | 2024-11-21 12:14 | 2017-10-18 |
| 251790 | 6.5 | MEDIUM Local | xen | xen | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-15593 | 2024-11-21 12:14 | 2017-10-18 |