|
258251
|
7.2 |
HIGH
Network
|
10web
|
photo_gallery
|
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in a…
|
CWE-89
SQL Injection
|
CVE-2017-12977
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258252
|
8.8 |
HIGH
Network
|
git-annex_project
|
git-annex
|
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a rel…
|
CWE-20
Improper Input Validation
|
CVE-2017-12976
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258253
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-12974
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258254
|
3.1 |
LOW
Network
|
connect2id
|
nimbus_jose\+jwt
|
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2017-12973
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258255
|
7.5 |
HIGH
Network
|
connect2id
|
nimbus_jose\+jwt
|
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authe…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-12972
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258256
|
6.5 |
MEDIUM
Network
|
asn1c_project
|
asn1c
|
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12966
|
2024-11-21 12:10 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258257
|
6.5 |
MEDIUM
Network
|
gnu
|
binutils
|
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12967
|
2024-11-21 12:10 |
2017-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258258
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.
|
CWE-674
Uncontrolled Recursion
|
CVE-2017-12964
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258259
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitabl…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12963
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258260
|
7.5 |
HIGH
Network
|
libsass
|
libsass
|
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12962
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
