|
259111
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in Q…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11625
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259112
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11624
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259113
|
6.1 |
MEDIUM
Network
|
atmail
|
atmail
|
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both sin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11617
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259114
|
9.8 |
CRITICAL
Network
|
medhost
|
connex
|
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the da…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11614
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259115
|
7.8 |
HIGH
Local
|
appsec-labs
|
appuse
|
AppUse 4.0 allows shell command injection via a proxy field.
|
CWE-78
OS Command
|
CVE-2017-11566
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259116
|
6.5 |
MEDIUM
Network
|
libsass
|
libsass
|
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11608
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259117
|
6.5 |
MEDIUM
Network
|
libsass
|
libsass
|
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11605
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259118
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11600
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259119
|
5.4 |
MEDIUM
Network
|
loomio
|
loomio
|
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new threa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11594
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259120
|
6.1 |
MEDIUM
Network
|
ooso
|
markdown_preview_plus
|
Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11593
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
