|
255381
|
7.8 |
HIGH
Local
|
cpuid
|
cpu-z
|
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, be…
|
NVD-CWE-noinfo
|
CVE-2017-15302
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255382
|
7.5 |
HIGH
Network
|
mirasys
|
video_management_system
|
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-15290
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255383
|
6.1 |
MEDIUM
Network
|
bouqueteditor_project
|
bouqueteditor
|
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15287
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255384
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15268
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255385
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-22
Path Traversal
|
CVE-2017-15276
|
2024-11-21 12:14 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255386
|
7.5 |
HIGH
Network
|
sqlite
|
sqlite
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15286
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255387
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15284
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255388
|
8.8 |
HIGH
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15281
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255389
|
5.5 |
MEDIUM
Local
|
umbraco
|
umbraco_cms
|
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF…
|
CWE-611
XXE
|
CVE-2017-15280
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255390
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15279
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
