| 248091 | 8.8 | HIGH Network | mozilla sil | firefox graphite2 | Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7773 | 2024-11-21 12:32 | 2019-04-15 |
| 248092 | 8.1 | HIGH Network | mozilla sil | firefox graphite2 | Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function. | CWE-125 Out-of-bounds Read | CVE-2017-7771 | 2024-11-21 12:32 | 2019-04-15 |
| 248093 | 8.8 | HIGH Network | mozilla sil | firefox graphite2 | Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7772 | 2024-11-21 12:32 | 2019-04-13 |
| 248094 | 9.8 | CRITICAL Network | hanwhasecurity | srn-4000_firmware | Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page w… | CWE-287 Improper Authentication | CVE-2017-7912 | 2024-11-21 12:32 | 2019-04-9 |
| 248095 | 7.5 | HIGH Network | eclipse debian | mosquitto debian_linux | In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | CWE-476 NULL Pointer Dereference | CVE-2017-7655 | 2024-11-21 12:32 | 2019-03-28 |
| 248096 | 8.8 | HIGH Network | redhat | ovirt-engine | In ovirt-engine 4.1, if a host was provisioned with cloud-init, the root password could be revealed through the REST interface. | - | CVE-2017-7510 | 2024-11-21 12:32 | 2019-03-26 |
| 248097 | 7.6 | HIGH Network | gigasoft ge | proessentials ge_communicator | A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger th… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7908 | 2024-11-21 12:32 | 2018-10-3 |
| 248098 | 6.5 | MEDIUM Adjacent | redhat | cloudforms_management_engine ansible_tower | Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using c… | CWE-93 CRLF Injection | CVE-2017-7528 | 2024-11-21 12:32 | 2018-08-23 |
| 248099 | 5.4 | MEDIUM Network | redhat | satellite | It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this fl… | CWE-295 Improper Certificate Validation | CVE-2017-7513 | 2024-11-21 12:32 | 2018-08-23 |
| 248100 | 7.8 | HIGH Local | rpm | rpm | It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and … | CWE-59 Link Following | CVE-2017-7500 | 2024-11-21 12:32 | 2018-08-14 |