|
248531
|
8.8 |
HIGH
Network
|
solarwinds
|
log_\&_event_manager
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
|
NVD-CWE-noinfo
|
CVE-2017-7647
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248532
|
6.5 |
MEDIUM
Network
|
solarwinds
|
log_\&_event_manager
|
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
|
CWE-200
Information Exposure
|
CVE-2017-7646
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248533
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
|
CWE-94
Code Injection
|
CVE-2017-7625
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248534
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-7624
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248535
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7623
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248536
|
8.8 |
HIGH
Network
|
deepin
|
deepin_desktop_environment
|
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Any…
|
CWE-862
Missing Authorization
|
CVE-2017-7622
|
2024-11-21 12:32 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248537
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, Modula…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7619
|
2024-11-21 12:32 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248538
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7618
|
2024-11-21 12:32 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248539
|
8.8 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7617
|
2024-11-21 12:32 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248540
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stac…
|
CWE-388
7PK - Errors
|
CVE-2017-7616
|
2024-11-21 12:32 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
