|
250891
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-18022
|
2024-11-21 12:19 |
2018-01-6 |
250892
|
9.8 |
CRITICAL
Network
|
qtpass
|
qtpass
|
It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2017-18021
|
2024-11-21 12:19 |
2018-01-6 |
250893
|
8.4 |
HIGH
Local
|
samsung
|
samsung_mobile
|
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs…
|
CWE-20
Improper Input Validation
|
CVE-2017-18020
|
2024-11-21 12:19 |
2018-01-4 |
250894
|
7.1 |
HIGH
Local
|
k7computing
|
total_security
|
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a…
|
CWE-20
Improper Input Validation
|
CVE-2017-18019
|
2024-11-21 12:19 |
2018-01-4 |
250895
|
4.7 |
MEDIUM
Local
|
gnu
|
coreutils
|
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify …
|
CWE-362
Race Condition
|
CVE-2017-18018
|
2024-11-21 12:19 |
2018-01-4 |
250896
|
9.8 |
CRITICAL
Network
|
linux debian arista f5 suse opensuse openstack canonical redhat
|
linux_kernel debian_linux eos arx linux_enterprise_server linux_enterprise_software_development_kit linux_enterprise_debuginfo linux_enterprise_desktop linux_enterprise_real_t…
|
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memor…
|
CWE-416
Use After Free
|
CVE-2017-18017
|
2024-11-21 12:19 |
2018-01-3 |
250897
|
6.1 |
MEDIUM
Network
|
wp-unit
|
share_this_image
|
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18015
|
2024-11-21 12:19 |
2018-01-2 |
250898
|
6.5 |
MEDIUM
Network
|
libtiff
|
libtiff
|
In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-18013
|
2024-11-21 12:19 |
2018-01-1 |
250899
|
6.1 |
MEDIUM
Network
|
z-url_preview_project
|
z-url_preview
|
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18012
|
2024-11-21 12:19 |
2018-01-1 |
250900
|
6.1 |
MEDIUM
Network
|
clickbank
|
affiliate_ads_for_clickbank_products
|
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18011
|
2024-11-21 12:19 |
2018-01-1 |