|
258741
|
9.8 |
CRITICAL
Network
|
jabberd2
|
jabberd2
|
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
|
CWE-287
Improper Authentication
|
CVE-2017-10807
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258742
|
6.1 |
MEDIUM
Network
|
objectplanet
|
opinio
|
In ObjectPlanet Opinio before 7.6.4, there is XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10798
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258743
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-10800
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258744
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage().
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-10799
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258745
|
6.5 |
MEDIUM
Adjacent
|
tp-link
|
nc250_firmware
|
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
|
CWE-287
Improper Authentication
|
CVE-2017-10796
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258746
|
5.5 |
MEDIUM
Local
|
graphicsmagick
|
graphicsmagick
|
When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10794
|
2024-11-21 12:06 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258747
|
6.1 |
MEDIUM
Network
|
intelliants
|
subrion
|
Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10795
|
2024-11-21 12:06 |
2017-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258748
|
6.2 |
MEDIUM
Local
|
antiy
|
antivirus_engine
|
When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10706
|
2024-11-21 12:06 |
2017-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258749
|
6.5 |
MEDIUM
Network
|
gnu
|
pspp
|
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10792
|
2024-11-21 12:06 |
2017-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258750
|
6.5 |
MEDIUM
Network
|
gnu
|
pspp
|
There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SP…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-10791
|
2024-11-21 12:06 |
2017-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
