|
248411
|
9.8 |
CRITICAL
Network
|
ffmpeg
|
ffmpeg
|
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7859
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248412
|
9.8 |
CRITICAL
Network
|
freetype
|
freetype
|
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7858
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248413
|
9.8 |
CRITICAL
Network
|
freetype
|
freetype
|
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfob…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7857
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248414
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7856
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248415
|
6.1 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7725
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248416
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7854
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248417
|
7.5 |
HIGH
Network
|
gnu
|
osip
|
In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7853
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248418
|
9.8 |
CRITICAL
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
|
CWE-89
SQL Injection
|
CVE-2017-7628
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248419
|
5.3 |
MEDIUM
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
|
NVD-CWE-noinfo
|
CVE-2017-7627
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248420
|
6.1 |
MEDIUM
Network
|
smart_related_articles_project
|
smart_related_articles
|
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
|
CWE-79
Cross-site Scripting
|
CVE-2017-7626
|
2024-11-21 12:32 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
