|
252891
|
7.5 |
HIGH
Network
|
irssi
|
irssi
|
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15228
|
2024-11-21 12:14 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252892
|
7.5 |
HIGH
Network
|
irssi
|
irssi
|
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the stat…
|
CWE-416
Use After Free
|
CVE-2017-15227
|
2024-11-21 12:14 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252893
|
5.9 |
MEDIUM
Network
|
gnu
|
glibc
|
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user na…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15671
|
2024-11-21 12:14 |
2017-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252894
|
9.8 |
CRITICAL
Network
|
gnu
|
glibc
|
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories u…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15670
|
2024-11-21 12:14 |
2017-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252895
|
6.1 |
MEDIUM
Network
|
tp-link
|
tl-mr3220_firmware
|
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description fi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15291
|
2024-11-21 12:14 |
2017-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252896
|
6.7 |
MEDIUM
Local
|
paessler
|
prtg_network_monitor
|
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.
|
CWE-20
Improper Input Validation
|
CVE-2017-15651
|
2024-11-21 12:14 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252897
|
7.5 |
HIGH
Network
|
musl-libc
|
musl
|
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15650
|
2024-11-21 12:14 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252898
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race co…
|
CWE-362
Race Condition
|
CVE-2017-15649
|
2024-11-21 12:14 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252899
|
6.1 |
MEDIUM
Network
|
phpsugar
|
php_melody
|
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15648
|
2024-11-21 12:14 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252900
|
7.5 |
HIGH
Network
|
fiberhome
|
routerfiberhome_firmware
|
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
|
CWE-22
Path Traversal
|
CVE-2017-15647
|
2024-11-21 12:14 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
