|
258241
|
6.1 |
MEDIUM
Network
|
genixcms
|
genixcms
|
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17431
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258242
|
8.6 |
HIGH
Network
|
openstack
|
nova
|
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyper…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-17051
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258243
|
8.1 |
HIGH
Network
|
gnu
|
glibc
|
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potential…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-17426
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258244
|
8.5 |
HIGH
Network
|
atlassian
|
bitbucket_auto_unapprove_plugin
|
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsus…
|
CWE-362
Race Condition
|
CVE-2017-16857
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258245
|
6.1 |
MEDIUM
Network
|
atlassian
|
confluence
|
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16856
|
2024-11-21 12:17 |
2017-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258246
|
7.5 |
HIGH
Network
|
i2pd
getkovri
|
i2pd
kovri
|
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitiv…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17066
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258247
|
9.8 |
CRITICAL
Network
|
claymore_dual_miner_project
|
claymore_dual_miner
|
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16930
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258248
|
8.1 |
HIGH
Network
|
claymore_dual_miner_project
|
claymore_dual_miner
|
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re…
|
CWE-119
CWE-22
Incorrect Access of Indexable Resource ('Range Error')
Path Traversal
|
CVE-2017-16929
|
2024-11-21 12:17 |
2017-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258249
|
6.1 |
MEDIUM
Network
|
zkteco
|
zktime_web
|
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Pe…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17057
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258250
|
8.8 |
HIGH
Network
|
libav
|
libav
|
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17130
|
2024-11-21 12:17 |
2017-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
