|
251001
|
6.5 |
MEDIUM
Adjacent
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i…
|
CWE-20
Improper Input Validation
|
CVE-2017-9263
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251002
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9262
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251003
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9261
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251004
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9252
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251005
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9251
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251006
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-9250
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251007
|
5.4 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9249
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251008
|
6.1 |
MEDIUM
Network
|
aries_networks
|
qwr-1104_wireless-n_router_firmware
|
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9243
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251009
|
9.8 |
CRITICAL
Network
|
canonical
|
juju
|
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
|
CWE-862
Missing Authorization
|
CVE-2017-9232
|
2024-11-21 12:35 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251010
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to…
|
CWE-20
Improper Input Validation
|
CVE-2017-9242
|
2024-11-21 12:35 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
