|
253401
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15930
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253402
|
7.5 |
HIGH
Network
|
ox_project
|
ox
|
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but…
|
CWE-20
Improper Input Validation
|
CVE-2017-15928
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253403
|
7.8 |
HIGH
Local
|
shadowsocks
debian
|
shadowsocks-libev
debian_linux
|
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related t…
|
CWE-78
OS Command
|
CVE-2017-15924
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253404
|
5.5 |
MEDIUM
Local
|
gnu
|
libextractor
|
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15922
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253405
|
9.8 |
CRITICAL
Network
|
accesspressthemes
|
ultimate-form-builder-lite
|
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
|
CWE-89
SQL Injection
|
CVE-2017-15919
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253406
|
6.5 |
MEDIUM
Network
|
paessler
|
prtg_network_monitor
|
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
|
CWE-269
Improper Privilege Management
|
CVE-2017-15917
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253407
|
4.8 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15911
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253408
|
7.5 |
HIGH
Network
|
systemd_project
canonical
|
systemd
ubuntu_linux
|
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-15908
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253409
|
9.8 |
CRITICAL
Network
|
phpcollab
|
phpcollab
|
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
|
CWE-89
SQL Injection
|
CVE-2017-15907
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253410
|
7.5 |
HIGH
Network
|
londontrustmedia
|
private_internet_access
|
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-15882
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
