|
253761
|
6.5 |
MEDIUM
Network
|
gnu
|
libcdio
|
realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-18199
|
2024-11-21 12:19 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253762
|
8.8 |
HIGH
Network
|
gnu
|
libcdio
|
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a craf…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18198
|
2024-11-21 12:19 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253763
|
9.8 |
CRITICAL
Network
|
jgraph
|
mxgraph
|
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert() is missing flags to prevent XML External Entity (XXE) attacks, as demonstrated by /ServerView.
|
CWE-611
XXE
|
CVE-2017-18197
|
2024-11-21 12:19 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253764
|
3.3 |
LOW
Local
|
leptonica
|
leptonica
|
Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrict…
|
CWE-22
Path Traversal
|
CVE-2017-18196
|
2024-11-21 12:19 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253765
|
9.8 |
CRITICAL
Network
|
hamayeshnegar
|
hamayeshnegar_cms
|
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.
|
CWE-89
SQL Injection
|
CVE-2017-18194
|
2024-11-21 12:19 |
2018-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253766
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-18193
|
2024-11-21 12:19 |
2018-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253767
|
7.5 |
HIGH
Network
|
photo\
video_locker-calculator_project
|
photo\
video_locker-calculator
|
smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
|
CWE-200
Information Exposure
|
CVE-2017-18192
|
2024-11-21 12:19 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253768
|
7.5 |
HIGH
Network
|
openstack
redhat
|
nova
openstack
|
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt t…
|
NVD-CWE-noinfo
|
CVE-2017-18191
|
2024-11-21 12:19 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253769
|
5.3 |
MEDIUM
Network
|
atlassian
|
crucible
|
The SnippetRPCServiceImpl class in Atlassian Crucible before version 4.5.1 (the fixed version 4.5.x) and before 4.6.0 allows remote attackers to comment on snippets they do not have authorization to …
|
CWE-863
Incorrect Authorization
|
CVE-2017-18095
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253770
|
4.8 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inj…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18093
|
2024-11-21 12:19 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
