|
256881
|
7.5 |
HIGH
Network
|
ejs
|
ejs
|
Node.js ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in ejs.renderFile()
|
CWE-20
Improper Input Validation
|
CVE-2017-1000189
|
2024-11-21 12:04 |
2017-11-17 |
|
256882
|
6.1 |
MEDIUM
Network
|
ejs
|
ejs
|
Node.js ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000188
|
2024-11-21 12:04 |
2017-11-17 |
|
256883
|
9.8 |
CRITICAL
Network
|
creolabs
|
gravity
|
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop while pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-1000173
|
2024-11-21 12:04 |
2017-11-17 |
|
256884
|
9.8 |
CRITICAL
Network
|
creolabs
|
gravity
|
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being us…
|
CWE-416
Use After Free
|
CVE-2017-1000172
|
2024-11-21 12:04 |
2017-11-17 |
|
256885
|
5.9 |
MEDIUM
Network
|
nv-websocket-client_project
|
nv-websocket-client
|
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which …
|
CWE-295
Improper Certificate Validation
|
CVE-2017-1000209
|
2024-11-21 12:04 |
2017-11-17 |
|
256886
|
8.8 |
HIGH
Network
|
swagger
|
swagger-parser swagger-codegen
|
A vulnerability in Swagger-Parser's (version <= 1.0.30) YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML Open-API specification is parsed. This in p…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000208
|
2024-11-21 12:04 |
2017-11-17 |
|
256887
|
5.5 |
MEDIUM
Local
|
tcmu-runner_project
|
tcmu-runner
|
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
|
CWE-20
Improper Input Validation
|
CVE-2017-1000201
|
2024-11-21 12:04 |
2017-11-17 |
|
256888
|
7.5 |
HIGH
Network
|
tcmu-runner_project
|
tcmu-runner
|
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a D-Bus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000200
|
2024-11-21 12:04 |
2017-11-17 |
|
256889
|
7.5 |
HIGH
Network
|
tcmu-runner_project
|
tcmu-runner
|
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for the existence of any file with root privileges.
|
CWE-200
Information Exposure
|
CVE-2017-1000199
|
2024-11-21 12:04 |
2017-11-17 |
|
256890
|
7.5 |
HIGH
Network
|
tcmu-runner_project
|
tcmu-runner
|
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000198
|
2024-11-21 12:04 |
2017-11-17 |