| 253371 | 5.0 | MEDIUM | Local | libmp3splt_project | libmp3splt | plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (… | CWE-20 Improper Input Validation | CVE-2017-15185 | 2024-11-21 12:14 | 2017-10-9 |
| 253372 | 6.5 | MEDIUM | Network | rapid7 | metasploit | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | CWE-352 Origin Validation Error | CVE-2017-15084 | 2024-11-21 12:14 | 2017-10-7 |
| 253373 | 7.5 | HIGH | Network | wpmudev | smush_image_compression_and_optimization | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | CWE-22 Path Traversal | CVE-2017-15079 | 2024-11-21 12:14 | 2017-10-7 |
| 253374 | 8.8 | HIGH | Network | intelliants | subrion | There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php… | CWE-352 Origin Validation Error | CVE-2017-15063 | 2024-11-21 12:14 | 2017-10-6 |
| 253375 | 7.8 | HIGH | Local | upx_project | upx | p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as… | CWE-476 NULL Pointer Dereference | CVE-2017-15056 | 2024-11-21 12:14 | 2017-10-6 |
| 253376 | 9.8 | CRITICAL | Network | redislabs | redis | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15047 | 2024-11-21 12:14 | 2017-10-6 |
| 253377 | 5.5 | MEDIUM | Local | lame_project | lame | LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15046 | 2024-11-21 12:14 | 2017-10-6 |
| 253378 | 8.1 | HIGH | Network | suse | studio_onsite susestudio-ui-server | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in St… | CWE-89 SQL Injection | CVE-2017-14807 | 2024-11-21 12:13 | 2020-01-27 |
| 253379 | 5.9 | MEDIUM | Network | suse | studio_onsite susestudio-ui-server | An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages r… | CWE-295 Improper Certificate Validation | CVE-2017-14806 | 2024-11-21 12:13 | 2020-01-27 |
| 253380 | 9.8 | CRITICAL | Network | labf | nfsaxe | Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14742 | 2024-11-21 12:13 | 2019-10-26 |