|
258641
|
5.3 |
MEDIUM
Network
|
juniper
|
junos
|
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the r…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2017-10604
|
2024-11-21 12:06 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258642
|
7.8 |
HIGH
Local
|
juniper
|
junos
|
A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Jun…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10602
|
2024-11-21 12:06 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258643
|
9.8 |
CRITICAL
Network
|
juniper
|
junos
|
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, …
|
CWE-287
Improper Authentication
|
CVE-2017-10601
|
2024-11-21 12:06 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258644
|
5.9 |
MEDIUM
Local
|
canonical
|
ubuntu-image
|
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the sam…
|
CWE-384
Session Fixation
|
CVE-2017-10600
|
2024-11-21 12:06 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258645
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10995
|
2024-11-21 12:06 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258646
|
7.3 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
|
CWE-123
Write-what-where Condition
|
CVE-2017-10994
|
2024-11-21 12:06 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258647
|
6.1 |
MEDIUM
Network
|
wp-statistics
|
wp_statistics
|
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10991
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258648
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result …
|
CWE-416
Use After Free
|
CVE-2017-10966
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258649
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10965
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258650
|
9.8 |
CRITICAL
Network
|
sqlite
|
sqlite
|
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer ove…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10989
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
