|
256771
|
9.8 |
CRITICAL
Network
|
trendmicro
|
mobile_security
|
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
CWE-89
SQL Injection
|
CVE-2017-14078
|
2024-11-21 12:12 |
2017-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256772
|
5.4 |
MEDIUM
Network
|
mirasvit
|
helpdesk_mx
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) cust…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14321
|
2024-11-21 12:12 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256773
|
8.0 |
HIGH
Network
|
mirasvit
|
helpdesk_mx
|
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
|
CWE-20
Improper Input Validation
|
CVE-2017-14320
|
2024-11-21 12:12 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256774
|
8.8 |
HIGH
Network
|
xiph.org
debian
|
libvorbis
debian_linux
|
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified ot…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14160
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256775
|
8.1 |
HIGH
Network
|
libsndfile_project
debian
|
libsndfile
debian_linux
|
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14246
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256776
|
8.1 |
HIGH
Network
|
libsndfile_project
debian
|
libsndfile
debian_linux
|
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14245
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256777
|
7.5 |
HIGH
Network
|
yadifa
|
yadifa
|
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage an…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-14339
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256778
|
7.5 |
HIGH
Network
|
ruby-lang
|
ruby
|
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14033
|
2024-11-21 12:12 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256779
|
7.8 |
HIGH
Local
|
netmechanica
|
netdecision
|
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
|
NVD-CWE-noinfo
|
CVE-2017-14311
|
2024-11-21 12:12 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256780
|
9.8 |
CRITICAL
Network
|
kaltura
|
kaltura_server
|
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and cons…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-14143
|
2024-11-21 12:12 |
2017-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
