|
253251
|
6.1 |
MEDIUM
Network
|
opentext
|
document_sciences_xpression
|
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, …
|
CWE-79
Cross-site Scripting
|
CVE-2017-14755
|
2024-11-21 12:13 |
2017-10-3 |
|
253252
|
6.5 |
MEDIUM
Network
|
opentext
|
document_sciences_xpression
|
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource…
|
CWE-22
Path Traversal
|
CVE-2017-14754
|
2024-11-21 12:13 |
2017-10-3 |
|
253253
|
7.5 |
HIGH
Network
|
freedesktop debian
|
poppler debian_linux
|
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to laun…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14977
|
2024-11-21 12:13 |
2017-10-2 |
|
253254
|
7.5 |
HIGH
Network
|
freedesktop debian
|
poppler debian_linux
|
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an at…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14976
|
2024-11-21 12:13 |
2017-10-2 |
|
253255
|
7.5 |
HIGH
Network
|
freedesktop debian
|
poppler debian_linux
|
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14975
|
2024-11-21 12:13 |
2017-10-2 |
|
253256
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which all…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14974
|
2024-11-21 12:13 |
2017-10-2 |
|
253257
|
5.9 |
MEDIUM
Network
|
openvswitch
|
openvswitch
|
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stat…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-14970
|
2024-11-21 12:13 |
2017-10-2 |
|
253258
|
7.2 |
HIGH
Network
|
pivotx
|
pivotx
|
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14958
|
2024-11-21 12:13 |
2017-10-2 |
|
253259
|
6.1 |
MEDIUM
Network
|
blogotext_project
|
blogotext
|
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for examp…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14957
|
2024-11-21 12:13 |
2017-10-2 |
|
253260
|
5.9 |
MEDIUM
Network
|
checkmk
|
checkmk
|
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU…
|
CWE-200 CWE-362
Information Exposure Race Condition
|
CVE-2017-14955
|
2024-11-21 12:13 |
2017-10-2 |