| 252871 | 8.8 | HIGH Network | ffmpeg debian | ffmpeg debian_linux | The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bound… | CWE-125 Out-of-bounds Read | CVE-2017-15672 | 2024-11-21 12:14 | 2017-11-7 |
| 252872 | 7.8 | HIGH Local | schedmd | slurm | Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog… | CWE-426 Untrusted Search Path | CVE-2017-15566 | 2024-11-21 12:14 | 2017-11-2 |
| 252873 | 9.1 | CRITICAL Network | mongodb | mongodb | MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enab… | NVD-CWE-noinfo | CVE-2017-15535 | 2024-11-21 12:14 | 2017-11-1 |
| 252874 | 5.4 | MEDIUM Network | mahara | mahara | Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as ti… | CWE-79 Cross-site Scripting | CVE-2017-15273 | 2024-11-21 12:14 | 2017-11-1 |
| 252875 | 9.1 | CRITICAL Network | xen | xen | An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not mat… | CWE-119 CWE-200 Incorrect Access of Indexable Resource ('Range Error') Information Exposure | CVE-2017-15597 | 2024-11-21 12:14 | 2017-10-30 |
| 252876 | 7.5 | HIGH Network | writediary | diary_with_lock | In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obta… | CWE-798 Use of Hard-coded Credentials | CVE-2017-15582 | 2024-11-21 12:14 | 2017-10-28 |
| 252877 | 7.5 | HIGH Network | writediary | diary_with_lock | In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a… | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-15581 | 2024-11-21 12:14 | 2017-10-28 |
| 252878 | 9.8 | CRITICAL Network | ndocsoftware | ndoc | Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2017-15366 | 2024-11-21 12:14 | 2017-10-27 |
| 252879 | 3.3 | LOW Local | gluster | glusterfs | A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. | CWE-476 NULL Pointer Dereference | CVE-2017-15096 | 2024-11-21 12:14 | 2017-10-27 |
| 252880 | 5.3 | MEDIUM Network | argosoft | mini_mail_server | Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-15223 | 2024-11-21 12:14 | 2017-10-25 |