|
252871
|
9.8 |
CRITICAL
Network
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9265
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252872
|
9.8 |
CRITICAL
Network
|
openvswitch
|
openvswitch
|
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extr…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9264
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252873
|
6.5 |
MEDIUM
Adjacent
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i…
|
CWE-20
Improper Input Validation
|
CVE-2017-9263
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252874
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9262
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252875
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9261
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252876
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9252
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252877
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9251
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252878
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-9250
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252879
|
5.4 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9249
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252880
|
6.1 |
MEDIUM
Network
|
aries_networks
|
qwr-1104_wireless-n_router_firmware
|
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9243
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
