|
247911
|
6.5 |
MEDIUM
Network
|
elastic
|
x-pack
|
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL k…
|
CWE-200
Information Exposure
|
CVE-2017-8442
|
2024-11-21 12:34 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247912
|
7.8 |
HIGH
Local
|
faststone
|
image_viewer
|
FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mish…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8826
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247913
|
7.8 |
HIGH
Local
|
mh-nexus
|
hex_editor
|
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8803
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247914
|
7.8 |
HIGH
Local
|
faststone
|
image_viewer
|
FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attack…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8785
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247915
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, beca…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8781
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247916
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
|
IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a "User Mode Write AV near NULL" issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8766
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247917
|
6.5 |
MEDIUM
Network
|
swftools
|
swftools
|
SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malforme…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8420
|
2024-11-21 12:34 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247918
|
8.1 |
HIGH
Network
|
aeroadmin
|
aeroadmin
|
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.
|
CWE-444
HTTP Request Smuggling
|
CVE-2017-8894
|
2024-11-21 12:34 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247919
|
7.5 |
HIGH
Network
|
aeroadmin
|
aeroadmin
|
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8893
|
2024-11-21 12:34 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247920
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker.…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-8797
|
2024-11-21 12:34 |
2017-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
