|
249171
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7856
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249172
|
6.1 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7725
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249173
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7854
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249174
|
7.5 |
HIGH
Network
|
gnu
|
osip
|
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7853
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249175
|
9.8 |
CRITICAL
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
|
CWE-89
SQL Injection
|
CVE-2017-7628
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249176
|
5.3 |
MEDIUM
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
|
NVD-CWE-noinfo
|
CVE-2017-7627
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249177
|
6.1 |
MEDIUM
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
|
CWE-79
Cross-site Scripting
|
CVE-2017-7626
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249178
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pac…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7748
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249179
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c…
|
CWE-20
Improper Input Validation
|
CVE-2017-7747
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249180
|
7.5 |
HIGH
Network
|
wireshark
debian
|
wireshark
debian_linux
|
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/pa…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7746
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
