| 252191 | 7.8 | HIGH Local | radare | radare2 | In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. | CWE-125 Out-of-bounds Read | CVE-2017-16358 | 2024-11-21 12:16 | 2017-11-2 |
| 252192 | 7.8 | HIGH Local | radare | radare2 | In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-16357 | 2024-11-21 12:16 | 2017-11-2 |
| 252193 | 6.5 | MEDIUM Network | graphicsmagick debian | graphicsmagick debian_linux | GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p… | CWE-200 CWE-125 Information Exposure Out-of-bounds Read | CVE-2017-16353 | 2024-11-21 12:16 | 2017-11-2 |
| 252194 | 8.8 | HIGH Network | graphicsmagick debian | graphicsmagick debian_linux | GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-16352 | 2024-11-21 12:16 | 2017-11-2 |
| 252195 | 7.5 | HIGH Network | catalyst-plugin-static-simple_project | catalyst-plugin-static-simple | The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended pol… | CWE-200 Information Exposure | CVE-2017-16248 | 2024-11-21 12:16 | 2017-11-1 |
| 252196 | 8.8 | HIGH Network | octobercms | october | Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's ac… | CWE-352 Origin Validation Error | CVE-2017-16244 | 2024-11-21 12:16 | 2017-11-1 |
| 252197 | 5.4 | MEDIUM Network | typecho | typecho | In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post… | CWE-79 Cross-site Scripting | CVE-2017-16230 | 2024-11-21 12:16 | 2017-10-31 |
| 252198 | 9.8 | CRITICAL Network | dulwich_project | dulwich | Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017… | NVD-CWE-noinfo | CVE-2017-16228 | 2024-11-21 12:16 | 2017-10-30 |
| 252199 | 7.5 | HIGH Network | quagga debian | quagga debian_linux | The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for l… | CWE-20 Improper Input Validation | CVE-2017-16227 | 2024-11-21 12:16 | 2017-10-30 |
| 252200 | 6.1 | MEDIUM Network | craftercms | crafter_cms | Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies. | CWE-79 Cross-site Scripting | CVE-2017-15686 | 2024-11-21 12:15 | 2020-11-28 |