|
249621
|
7.8 |
HIGH
Local
|
ytnef_project
debian
|
ytnef
debian_linux
|
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
|
CWE-125
Out-of-bounds Read
|
CVE-2017-6301
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249622
|
7.8 |
HIGH
Local
|
ytnef_project
debian
|
ytnef
debian_linux
|
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6300
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249623
|
5.5 |
MEDIUM
Local
|
ytnef_project
debian
|
ytnef
debian_linux
|
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6299
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249624
|
7.8 |
HIGH
Local
|
ytnef_project
debian
|
ytnef
debian_linux
|
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-6298
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249625
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as d…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-6197
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249626
|
7.8 |
HIGH
Local
|
artifex
|
afpl_ghostscript
|
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial …
|
CWE-416
Use After Free
|
CVE-2017-6196
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249627
|
6.1 |
MEDIUM
Network
|
paypal
|
merchant-sdk-php
|
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the toke…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6099
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249628
|
5.5 |
MEDIUM
Local
|
wolfssl
|
wolfssl
|
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
|
CWE-200
Information Exposure
|
CVE-2017-6076
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249629
|
7.5 |
HIGH
Network
|
tcpdf_project
|
tcpdf
|
tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-6100
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249630
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packe…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6214
|
2024-11-21 12:29 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
