| 253221 | 7.4 | HIGH, Local | ikarussecurity | ikarus_antivirus | An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum … | CWE-444 HTTP Request Smuggling | CVE-2017-15643 | 2024-11-21 12:14 | 2017-10-20 |
| 253222 | 5.5 | MEDIUM, Local | sound_exchange_project, debian | sound_exchange, debian_linux | In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | CWE-416 Use After Free | CVE-2017-15642 | 2024-11-21 12:14 | 2017-10-20 |
| 253223 | 6.5 | MEDIUM, Network | getmura | mura_cms | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | CWE-611 XXE | CVE-2017-15639 | 2024-11-21 12:14 | 2017-10-20 |
| 253224 | 6.1 | MEDIUM, Network | mistune_project | mistune | mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions. | CWE-79 Cross-site Scripting | CVE-2017-15612 | 2024-11-21 12:14 | 2017-10-19 |
| 253225 | 6.5 | MEDIUM, Network | octopus | octopus_deploy | In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-15611 | 2024-11-21 12:14 | 2017-10-19 |
| 253226 | 6.5 | MEDIUM, Network | octopus | octopus_deploy | An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an att… | CWE-200 Information Exposure | CVE-2017-15610 | 2024-11-21 12:14 | 2017-10-19 |
| 253227 | 7.5 | HIGH, Network | octopus | octopus_deploy | Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-15609 | 2024-11-21 12:14 | 2017-10-19 |
| 253228 | 7.5 | HIGH, Network | gnu | libextractor | In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted s… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-15602 | 2024-11-21 12:14 | 2017-10-19 |
| 253229 | 7.5 | HIGH, Network | gnu | libextractor | In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15601 | 2024-11-21 12:14 | 2017-10-19 |
| 253230 | 7.5 | HIGH, Network | gnu | libextractor | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c. | CWE-476 NULL Pointer Dereference | CVE-2017-15600 | 2024-11-21 12:14 | 2017-10-19 |