|
258171
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-12691
|
2024-11-21 12:10 |
2017-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258172
|
5.9 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Cry…
|
CWE-200
Information Exposure
|
CVE-2017-12870
|
2024-11-21 12:10 |
2017-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258173
|
7.5 |
HIGH
Network
|
simplesamlphp
debian
|
simplesamlphp
debian_linux
|
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via …
|
CWE-20
Improper Input Validation
|
CVE-2017-12869
|
2024-11-21 12:10 |
2017-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258174
|
9.8 |
CRITICAL
Network
|
simplesamlphp
|
simplesamlphp
|
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypas…
|
CWE-384
Session Fixation
|
CVE-2017-12868
|
2024-11-21 12:10 |
2017-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258175
|
7.4 |
HIGH
Network
|
siemens
|
logo\!_8_bm_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could poten…
|
-
|
CVE-2017-12735
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258176
|
7.5 |
HIGH
Network
|
siemens
|
logo\!8_bm_fs-05_firmware
|
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the sessio…
|
-
|
CVE-2017-12734
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258177
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-12717
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258178
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-12713
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258179
|
7.8 |
HIGH
Local
|
advantech
|
webaccess
|
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to …
|
NVD-CWE-noinfo
|
CVE-2017-12711
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258180
|
7.5 |
HIGH
Network
|
advantech
|
webaccess
|
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could …
|
CWE-89
SQL Injection
|
CVE-2017-12710
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
