|
251921
|
8.5 |
HIGH
Network
|
atlassian
|
bitbucket_auto_unapprove_plugin
|
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsus…
|
CWE-362
Race Condition
|
CVE-2017-16857
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251922
|
6.1 |
MEDIUM
Network
|
atlassian
|
confluence
|
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16856
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251923
|
7.5 |
HIGH
Network
|
i2pd
getkovri
|
i2pd
kovri
|
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitiv…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17066
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251924
|
9.8 |
CRITICAL
Network
|
claymore_dual_miner_project
|
claymore_dual_miner
|
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16930
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251925
|
8.1 |
HIGH
Network
|
claymore_dual_miner_project
|
claymore_dual_miner
|
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re…
|
CWE-119
CWE-22
Incorrect Access of Indexable Resource ('Range Error')
Path Traversal
|
CVE-2017-16929
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251926
|
6.1 |
MEDIUM
Network
|
zkteco
|
zktime_web
|
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Pe…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17057
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251927
|
8.8 |
HIGH
Network
|
libav
|
libav
|
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17130
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251928
|
8.8 |
HIGH
Network
|
libav
|
libav
|
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified ot…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17129
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251929
|
6.5 |
MEDIUM
Network
|
libav
|
libav
|
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17128
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251930
|
6.5 |
MEDIUM
Network
|
libav
|
libav
|
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17127
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
