|
250831
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18185
|
2024-11-21 12:19 |
2018-02-14 |
|
250832
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18184
|
2024-11-21 12:19 |
2018-02-14 |
|
250833
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-18183
|
2024-11-21 12:19 |
2018-02-14 |
|
250834
|
8.8 |
HIGH
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. …
|
CWE-287
Improper Authentication
|
CVE-2017-18179
|
2024-11-21 12:19 |
2018-02-12 |
|
250835
|
6.1 |
MEDIUM
Network
|
progress
|
sitefinity
|
Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This …
|
CWE-601
Open Redirect
|
CVE-2017-18178
|
2024-11-21 12:19 |
2018-02-12 |
|
250836
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via the Last name, First name, and About fields on the New User Creation Page. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18177
|
2024-11-21 12:19 |
2018-02-12 |
|
250837
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via file upload, because JavaScript code in an HTML file has the same origin as the application's own code. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18176
|
2024-11-21 12:19 |
2018-02-12 |
|
250838
|
5.4 |
MEDIUM
Network
|
progress
|
sitefinity
|
Progress Sitefinity 9.1 has XSS via the Content Management Template Configuration (aka Templateconfiguration), as demonstrated by the src attribute of an IMG element. This is fixed in 10.1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18175
|
2024-11-21 12:19 |
2018-02-12 |
|
250839
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
|
CWE-415
Double Free
|
CVE-2017-18174
|
2024-11-21 12:19 |
2018-02-12 |
|
250840
|
8.8 |
HIGH
Network
|
flexense
|
syncbreeze
|
A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17996
|
2024-11-21 12:19 |
2018-02-07 |