|
253491
|
9.8 |
CRITICAL
Network
|
avast
|
antivirus
|
In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulner…
|
NVD-CWE-noinfo
|
CVE-2017-8307
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253492
|
5.4 |
MEDIUM
Network
|
blueriver
|
muracms
|
Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/vie…
|
CWE-79
Cross-site Scripting
|
CVE-2017-8302
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253493
|
5.3 |
MEDIUM
Network
|
openbsd
|
libressl
|
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callbac…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-8301
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253494
|
5.4 |
MEDIUM
Network
|
cnvs
|
canvas
|
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8298
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253495
|
9.8 |
CRITICAL
Network
|
simple-file-manager_project
|
simple-file-manager
|
A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).
|
CWE-22
Path Traversal
|
CVE-2017-8297
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253496
|
7.5 |
HIGH
Network
|
ked_password_manager_project
|
ked_password_manager
|
kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is written in cleartext. All of the commands performed in the password manager are written there. This can lead to the disclosure of …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-8296
|
2024-11-21 12:33 |
2017-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253497
|
7.5 |
HIGH
Network
|
virustotal
|
yara
|
libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_ex…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-8294
|
2024-11-21 12:33 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253498
|
9.8 |
CRITICAL
Network
|
riot_project
|
riot
|
Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attac…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8289
|
2024-11-21 12:33 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253499
|
8.1 |
HIGH
Network
|
gnome
|
gnome-shell
|
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch application…
|
CWE-20
Improper Input Validation
|
CVE-2017-8288
|
2024-11-21 12:33 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253500
|
9.8 |
CRITICAL
Network
|
freetype
|
freetype
|
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8287
|
2024-11-21 12:33 |
2017-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
