|
249931
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17883
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249932
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17882
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249933
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17881
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249934
|
8.8 |
HIGH
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17880
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249935
|
8.8 |
HIGH
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17879
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249936
|
9.8 |
CRITICAL
Network
|
valvesoftware
|
steam_link_firmware
|
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" settin…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-17878
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249937
|
9.8 |
CRITICAL
Network
|
valvesoftware
|
steam_link_firmware
|
An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless ad…
|
NVD-CWE-noinfo
|
CVE-2017-17877
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249938
|
7.5 |
HIGH
Network
|
iwcnetwork
|
shift
|
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
|
CWE-275
Permission Issues
|
CVE-2017-17876
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249939
|
9.8 |
CRITICAL
Network
|
jextn
|
jextn_faq_pro
|
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
|
CWE-89
SQL Injection
|
CVE-2017-17875
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249940
|
8.8 |
HIGH
Network
|
vanguard_project
|
marketplace_digital_products_php
|
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-17874
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
