|
247161
|
5.5 |
MEDIUM
Local
|
long_range_zip_project
|
long_range_zip
|
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-8845
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247162
|
7.8 |
HIGH
Local
|
long_range_zip_project
debian
|
long_range_zip
debian_linux
|
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified oth…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8844
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247163
|
5.5 |
MEDIUM
Local
|
long_range_zip_project
|
long_range_zip
|
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-8843
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247164
|
5.5 |
MEDIUM
Local
|
long_range_zip_project
|
long_range_zip
|
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.
|
CWE-369
Divide By Zero
|
CVE-2017-8842
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247165
|
6.1 |
MEDIUM
Network
|
zen-cart
|
zen_cart
|
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8833
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247166
|
6.1 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
Allen Disk 1.6 has XSS in the id parameter to downfile.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8832
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247167
|
6.4 |
MEDIUM
Physics
|
linux
canonical
debian
|
linux_kernel
ubuntu_linux
debian_linux
|
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly hav…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-8831
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247168
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-8830
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247169
|
7.8 |
HIGH
Local
|
debian
|
lintian
|
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-8829
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247170
|
9.1 |
CRITICAL
Network
|
genixcms
|
genixcms
|
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks vi…
|
CWE-287
Improper Authentication
|
CVE-2017-8827
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
