|
249041
|
7.5 |
HIGH
Network
|
starscream_project
|
starscream
|
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7192
|
2024-11-21 12:31 |
2017-04-6 |
|
249042
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7454
|
2024-11-21 12:31 |
2017-04-6 |
|
249043
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7453
|
2024-11-21 12:31 |
2017-04-6 |
|
249044
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7452
|
2024-11-21 12:31 |
2017-04-6 |
|
249045
|
9.8 |
CRITICAL
Network
|
airtame
|
hdmi_dongle_firmware
|
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,…
|
CWE-287
Improper Authentication
|
CVE-2017-7450
|
2024-11-21 12:31 |
2017-04-6 |
|
249046
|
5.5 |
MEDIUM
Local
|
dropbox
|
lepton
|
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a…
|
CWE-369
Divide By Zero
|
CVE-2017-7448
|
2024-11-21 12:31 |
2017-04-6 |
|
249047
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
|
CWE-352
Origin Validation Error
|
CVE-2017-7447
|
2024-11-21 12:31 |
2017-04-6 |
|
249048
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
|
CWE-352
Origin Validation Error
|
CVE-2017-7446
|
2024-11-21 12:31 |
2017-04-6 |
|
249049
|
7.8 |
HIGH
Local
|
veritas
|
system_recovery
|
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
|
NVD-CWE-noinfo
|
CVE-2017-7444
|
2024-11-21 12:31 |
2017-04-6 |
|
249050
|
6.1 |
MEDIUM
Network
|
apt-cacher_project apt-cacher-ng_project
|
apt-cacher apt-cacher-ng
|
apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.
|
CWE-113
HTTP Response Splitting
|
CVE-2017-7443
|
2024-11-21 12:31 |
2017-04-6 |