|
256991
|
6.5 |
MEDIUM
Network
|
libarchive
|
libarchive
|
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14503
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256992
|
7.5 |
HIGH
Network
|
libarchive
|
libarchive
|
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_rea…
|
CWE-125
CWE-193
Out-of-bounds Read
Off-by-one Error
|
CVE-2017-14502
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256993
|
6.5 |
MEDIUM
Network
|
libarchive
|
libarchive
|
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14501
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256994
|
8.8 |
HIGH
Network
|
newsbeuter
|
newsbeuter
|
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code exe…
|
CWE-78
OS Command
|
CVE-2017-14500
|
2024-11-21 12:12 |
2017-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256995
|
6.1 |
MEDIUM
Network
|
silverstripe
|
silverstripe
|
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pag…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14498
|
2024-11-21 12:12 |
2017-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256996
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and m…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14497
|
2024-11-21 12:12 |
2017-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256997
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14340
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256998
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
|
CWE-20
Improper Input Validation
|
CVE-2017-14489
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256999
|
7.3 |
HIGH
Local
|
gentoo
|
sci-mathematics-gimps
|
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because a…
|
CWE-269
Improper Privilege Management
|
CVE-2017-14484
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257000
|
5.5 |
MEDIUM
Local
|
gentoo
|
dev-python-flower
|
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leve…
|
CWE-362
Race Condition
|
CVE-2017-14483
|
2024-11-21 12:12 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
