|
255331
|
9.8 |
CRITICAL
Network
|
teluu
debian
|
pjsip
debian_linux
|
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overf…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16872
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255332
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del…
|
CWE-94
Code Injection
|
CVE-2017-16871
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255333
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16870
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255334
|
7.8 |
HIGH
Local
|
upx_project
|
upx
|
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16869
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255335
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16868
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255336
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
amazon_key_firmware
|
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f…
|
NVD-CWE-noinfo
|
CVE-2017-16867
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255337
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16866
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255338
|
5.4 |
MEDIUM
Network
|
vonage
|
vdv-23_firmware
|
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16843
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255339
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
opensaml
debian_linux
|
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16853
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255340
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
service_provider
debian_linux
|
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and d…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16852
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
