|
256301
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15268
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256302
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-22
Path Traversal
|
CVE-2017-15276
|
2024-11-21 12:14 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256303
|
7.5 |
HIGH
Network
|
sqlite
|
sqlite
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15286
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256304
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15284
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256305
|
8.8 |
HIGH
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15281
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256306
|
5.5 |
MEDIUM
Local
|
umbraco
|
umbraco_cms
|
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF…
|
CWE-611
XXE
|
CVE-2017-15280
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256307
|
5.4 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15279
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256308
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arb…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15278
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256309
|
6.5 |
MEDIUM
Network
|
imagemagick
graphicsmagick
|
imagemagick
graphicsmagick
|
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected …
|
CWE-200
Information Exposure
|
CVE-2017-15277
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256310
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15274
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
