|
255141
|
6.5 |
MEDIUM
Network
|
libsass
|
libsass
|
There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11608
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255142
|
6.5 |
MEDIUM
Network
|
libsass
|
libsass
|
There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11605
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255143
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11600
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255144
|
5.4 |
MEDIUM
Network
|
loomio
|
loomio
|
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new threa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11594
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255145
|
6.1 |
MEDIUM
Network
|
ooso
|
markdown_preview_plus
|
Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11593
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255146
|
7.5 |
HIGH
Network
|
exiv2
|
exiv2
|
There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via craft…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11592
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255147
|
7.5 |
HIGH
Network
|
exiv2
canonical
debian
|
exiv2
ubuntu_linux
debian_linux
|
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
|
NVD-CWE-noinfo
|
CVE-2017-11591
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255148
|
7.5 |
HIGH
Network
|
gnome
|
libgxps
|
There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11590
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255149
|
9.8 |
CRITICAL
Network
|
cisco
|
residential_gateway_firmware
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control …
|
CWE-22
Path Traversal
|
CVE-2017-11589
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255150
|
9.8 |
CRITICAL
Network
|
cisco
|
residential_gateway_firmware
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command exe…
|
CWE-78
OS Command
|
CVE-2017-11588
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
