|
251701
|
7.5 |
HIGH
Network
|
bftpd_project
|
bftpd
|
In Bftpd before 4.7, there is a memory leak in the file rename function.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-16892
|
2024-11-21 12:17 |
2017-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251702
|
6.5 |
MEDIUM
Network
|
libming
|
libming
|
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf fil…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16883
|
2024-11-21 12:17 |
2017-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251703
|
7.8 |
HIGH
Local
|
icinga
|
icinga
|
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16882
|
2024-11-21 12:17 |
2017-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251704
|
6.1 |
MEDIUM
Network
|
symphony_project
|
symphony
|
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16881
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251705
|
6.1 |
MEDIUM
Network
|
whoops_project
|
whoops
|
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16880
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251706
|
10.0 |
CRITICAL
Network
|
qemu
debian
canonical
|
qemu
debian_linux
ubuntu_linux
|
hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
|
CWE-20
Improper Input Validation
|
CVE-2017-16845
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251707
|
7.5 |
HIGH
Network
|
zeit
|
next.js
|
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
CWE-22
Path Traversal
|
CVE-2017-16877
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251708
|
5.4 |
MEDIUM
Network
|
icontime
|
rtc-1000_firmware
|
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16819
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251709
|
7.5 |
HIGH
Network
|
teluu
|
pjsip
|
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi…
|
NVD-CWE-noinfo
|
CVE-2017-16875
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251710
|
9.8 |
CRITICAL
Network
|
teluu
debian
|
pjsip
debian_linux
|
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overf…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16872
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
