|
257051
|
6.1 |
MEDIUM
Network
|
rocketchat
|
rocket.chat
|
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000054
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257052
|
8.1 |
HIGH
Network
|
plug_project
|
plug
|
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000053
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257053
|
7.8 |
HIGH
Local
|
plug_project
|
plug
|
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
|
CWE-74
Injection
|
CVE-2017-1000052
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257054
|
6.1 |
MEDIUM
Network
|
xwiki
|
cryptpad
|
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000051
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257055
|
7.5 |
HIGH
Network
|
jasper_project fedoraproject redhat canonical
|
jasper fedora enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux
|
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode, which failed to check whether the image contained at least one component, resulting in a denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000050
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257056
|
7.5 |
HIGH
Network
|
qs_project
|
qs
|
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.
|
CWE-20
Improper Input Validation
|
CVE-2017-1000048
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257057
|
9.8 |
CRITICAL
Network
|
rbenv_project
|
rbenv
|
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution
|
CWE-22
Path Traversal
|
CVE-2017-1000047
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257058
|
7.5 |
HIGH
Network
|
mautic
|
mautic
|
Mautic 2.6.1 and earlier fails to set flags on session cookies
|
NVD-CWE-noinfo
|
CVE-2017-1000046
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257059
|
9.8 |
CRITICAL
Network
|
gnome
|
gtk-vnc
|
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating the framebuffer, which may lead to memory corruption when rendering
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000044
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|
|
257060
|
6.1 |
MEDIUM
Network
|
mapbox
|
mapbox.js
|
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000043
|
2024-11-21 12:04 |
2017-07-17 |
|
|
|
|