|
253871
|
5.5 |
MEDIUM
Local
|
sam2p_project
|
sam2p
|
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16663
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253872
|
4.9 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by file…
|
CWE-200
Information Exposure
|
CVE-2017-16661
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253873
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-16660
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253874
|
7.8 |
HIGH
Local
|
anti-spam_smtp_proxy_project
|
anti-spam_smtp_proxy
|
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl scrip…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16659
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253875
|
9.8 |
CRITICAL
Network
|
owlmixin_project
|
owlmixin
|
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python c…
|
NVD-CWE-noinfo
|
CVE-2017-16618
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253876
|
9.8 |
CRITICAL
Network
|
pyanyapi_project
|
pyanyapi
|
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting…
|
NVD-CWE-noinfo
|
CVE-2017-16616
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253877
|
9.8 |
CRITICAL
Network
|
mlalchemy_project
|
mlalchemy
|
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser…
|
NVD-CWE-noinfo
|
CVE-2017-16615
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253878
|
6.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have u…
|
CWE-369
Divide By Zero
|
CVE-2017-16650
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253879
|
6.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or poss…
|
CWE-369
Divide By Zero
|
CVE-2017-16649
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253880
|
6.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possib…
|
CWE-416
Use After Free
|
CVE-2017-16648
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
