|
251991
|
6.5 |
MEDIUM
Network
|
libsndfile_project
|
libsndfile
|
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file.
|
CWE-369
Divide By Zero
|
CVE-2017-16942
|
2024-11-21 12:17 |
2017-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251992
|
8.8 |
HIGH
Network
|
octobercms
|
october
|
October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-16941
|
2024-11-21 12:17 |
2017-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251993
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV…
|
CWE-416
Use After Free
|
CVE-2017-16939
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251994
|
7.8 |
HIGH
Local
|
optipng_project
|
optipng
|
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolle…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16938
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251995
|
6.5 |
MEDIUM
Adjacent
|
tenda
|
ac9_firmware
ac15_firmware
ac18_firmware
|
Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US…
|
CWE-22
Path Traversal
|
CVE-2017-16936
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251996
|
9.8 |
CRITICAL
Network
|
ametys
|
ametys
|
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
|
CWE-20
Improper Input Validation
|
CVE-2017-16935
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251997
|
9.8 |
CRITICAL
Network
|
dbltek
|
web_server
|
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
|
CWE-78
OS Command
|
CVE-2017-16934
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251998
|
7.0 |
HIGH
Local
|
icinga
|
icinga
|
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16933
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251999
|
7.5 |
HIGH
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-16932
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252000
|
9.8 |
CRITICAL
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16931
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
