|
251741
|
9.8 |
CRITICAL
Network
|
collectd
|
collectd
|
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other imp…
|
CWE-415
Double Free
|
CVE-2017-16820
|
2024-11-21 12:17 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251742
|
6.1 |
MEDIUM
Network
|
snapcreek
|
duplicator
|
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16815
|
2024-11-21 12:17 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251743
|
5.4 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16810
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251744
|
5.5 |
MEDIUM
Local
|
tcpdump
|
tcpdump
|
tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16808
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251745
|
5.4 |
MEDIUM
Network
|
getkirby
|
panel
|
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16807
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251746
|
7.5 |
HIGH
Network
|
ulterius
|
ulterius_server
|
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
|
CWE-22
Path Traversal
|
CVE-2017-16806
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251747
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16805
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251748
|
4.3 |
MEDIUM
Network
|
redmine
debian
|
redmine
debian_linux
|
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive …
|
CWE-200
Information Exposure
|
CVE-2017-16804
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251749
|
7.5 |
HIGH
Network
|
libav
|
libav
|
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of se…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16803
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251750
|
5.4 |
MEDIUM
Network
|
misp-project
|
misp
|
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16802
|
2024-11-21 12:17 |
2017-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
