|
252521
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows re…
|
CWE-416
Use After Free
|
CVE-2017-14528
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252522
|
7.8 |
HIGH
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
|
CWE-20
Improper Input Validation
|
CVE-2017-14520
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252523
|
7.5 |
HIGH
Network
|
freedesktop
|
poppler
|
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-14519
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252524
|
7.8 |
HIGH
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
|
CWE-20
Improper Input Validation
|
CVE-2017-14518
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252525
|
5.5 |
MEDIUM
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14517
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252526
|
7.5 |
HIGH
Network
|
tenda
|
w15e_firmware
|
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14515
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252527
|
7.5 |
HIGH
Network
|
tenda
|
w15e_firmware
|
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2017-14514
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252528
|
5.3 |
MEDIUM
Network
|
metinfo
|
metinfo
|
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/p…
|
CWE-22
Path Traversal
|
CVE-2017-14513
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252529
|
9.8 |
CRITICAL
Network
|
nexusphp_project
|
nexusphp
|
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
|
CWE-89
SQL Injection
|
CVE-2017-14512
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252530
|
7.5 |
HIGH
Network
|
sap
|
e-recruiting
|
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to …
|
CWE-20
Improper Input Validation
|
CVE-2017-14511
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
