|
258421
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to th…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12427
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258422
|
9.8 |
CRITICAL
Network
|
shadow_project
debian
|
shadow
debian_linux
|
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other me…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12424
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258423
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12418
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258424
|
9.8 |
CRITICAL
Network
|
pcfreetime
|
format_factory
|
Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untrusted search path is used for msimg32.dll, WindowsCodecs.dll, and dwmapi.dll.
|
CWE-426
Untrusted Search Path
|
CVE-2017-12414
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258425
|
8.1 |
HIGH
Network
|
electron
|
electron
|
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or ear…
|
CWE-78
OS Command
|
CVE-2017-12581
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258426
|
4.9 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
If, after successful installation of MantisBT through 2.5.2 on MySQL/MariaDB, the administrator does not remove the 'admin' directory (as recommended in the "Post-installation and upgrade tasks" sect…
|
CWE-200
Information Exposure
|
CVE-2017-12419
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258427
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use afte…
|
CWE-416
Use After Free
|
CVE-2017-12448
|
2024-11-21 12:09 |
2017-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258428
|
7.5 |
HIGH
Network
|
varnish-cache
varnish_cache_project
varnish-software
|
varnish
varnish_cache
|
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12425
|
2024-11-21 12:09 |
2017-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258429
|
6.1 |
MEDIUM
Network
|
etoilewebdesign
|
ultimate_product_catalog
|
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12200
|
2024-11-21 12:09 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258430
|
9.8 |
CRITICAL
Network
|
etoilewebdesign
|
ultimate_product_catalog
|
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, ima…
|
CWE-89
SQL Injection
|
CVE-2017-12199
|
2024-11-21 12:09 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
