| 257421 | 9.8 | CRITICAL, Network | dolibarr | dolibarr | SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | CWE-89 SQL Injection | CVE-2017-14238 | 2024-11-21 12:12 | 2017-09-11 |
| 257422 | 5.3 | MEDIUM, Network | genixcms | genixcms | GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> user… | CWE-20 Improper Input Validation | CVE-2017-14231 | 2024-11-21 12:12 | 2017-09-10 |
| 257423 | 9.1 | CRITICAL, Network | cyrus | imap | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow re… | CWE-20 Improper Input Validation | CVE-2017-14230 | 2024-11-21 12:12 | 2017-09-10 |
| 257424 | 7.5 | HIGH, Network | jasper_project | jasper | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-14229 | 2024-11-21 12:12 | 2017-09-9 |
| 257425 | 5.5 | MEDIUM, Local | nasm canonical | netwide_assembler ubuntu_linux | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | CWE-476 NULL Pointer Dereference | CVE-2017-14228 | 2024-11-21 12:12 | 2017-09-9 |
| 257426 | 7.5 | HIGH, Network | mongodb | mongodb | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b… | CWE-125 Out-of-bounds Read | CVE-2017-14227 | 2024-11-21 12:12 | 2017-09-9 |
| 257427 | 7.5 | HIGH, Network | libreoffice libwpd | libreoffice libwpd | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read … | CWE-125 Out-of-bounds Read | CVE-2017-14226 | 2024-11-21 12:12 | 2017-09-9 |
| 257428 | 8.8 | HIGH, Network | ffmpeg | ffmpeg | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by … | CWE-476 NULL Pointer Dereference | CVE-2017-14225 | 2024-11-21 12:12 | 2017-09-9 |
| 257429 | 8.8 | HIGH, Network | imagemagick | imagemagick | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14224 | 2024-11-21 12:12 | 2017-09-9 |
| 257430 | 6.5 | MEDIUM, Network | ffmpeg debian | ffmpeg debian_linux | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large … | CWE-400 Uncontrolled Resource Consumption | CVE-2017-14223 | 2024-11-21 12:12 | 2017-09-9 |