|
257451
|
7.5 |
HIGH
Network
|
scrapy
|
scrapy
|
Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-14158
|
2024-11-21 12:12 |
2017-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257452
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive informa…
|
CWE-200
Information Exposure
|
CVE-2017-14156
|
2024-11-21 12:12 |
2017-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257453
|
8.8 |
HIGH
Network
|
uclouvain
debian
|
openjpeg
debian_linux
|
A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of serv…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-14152
|
2024-11-21 12:12 |
2017-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257454
|
8.8 |
HIGH
Network
|
uclouvain
debian
|
openjpeg
debian_linux
|
An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14151
|
2024-11-21 12:12 |
2017-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257455
|
7.5 |
HIGH
Network
|
embedthis
|
goahead
|
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14149
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257456
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
|
CWE-94
Code Injection
|
CVE-2017-14146
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257457
|
9.8 |
CRITICAL
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
|
CWE-89
SQL Injection
|
CVE-2017-14145
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257458
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid ex…
|
CWE-200
Information Exposure
|
CVE-2017-14140
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257459
|
5.5 |
MEDIUM
Local
|
gnome
|
gedit
|
libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-14108
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257460
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-14139
|
2024-11-21 12:12 |
2017-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
