|
259011
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buff…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11362
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259012
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
|
CWE-834
Excessive Iteration
|
CVE-2017-11360
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259013
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
|
CWE-89
SQL Injection
|
CVE-2017-11354
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259014
|
5.9 |
MEDIUM
Network
|
yadm_project
|
yadm
|
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH a…
|
CWE-362
Race Condition
|
CVE-2017-11353
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259015
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-91…
|
NVD-CWE-noinfo
|
CVE-2017-11352
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259016
|
9.8 |
CRITICAL
Network
|
datataker
|
dt8x_firmware
|
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-11349
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259017
|
5.7 |
MEDIUM
Network
|
octopus
|
octopus_deploy
octopus_server
|
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or m…
|
CWE-22
Path Traversal
|
CVE-2017-11348
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259018
|
8.8 |
HIGH
Network
|
metinfo
|
metinfo
|
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc…
|
NVD-CWE-noinfo
|
CVE-2017-11347
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259019
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
|
CWE-20
Improper Input Validation
|
CVE-2017-11346
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259020
|
7.8 |
HIGH
Local
|
asuswrt-merlin_project
|
rt-ac5300_firmware
rt_ac1900p_firmware
rt-ac68u_firmware
rt-ac68p_firmware
rt-ac88u_firmware
rt-ac66u_firmware
rt-ac66u_b1_firmware
rt-ac58u_firmware
rt-ac56u_firmware
rt-a…
|
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC5…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11345
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
