|
253971
|
5.5 |
MEDIUM
Local
|
libtiff
|
libtiff
|
tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7593
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253972
|
7.8 |
HIGH
Local
|
libtiff
|
libtiff
|
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly…
|
CWE-20
Improper Input Validation
|
CVE-2017-7592
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253973
|
6.1 |
MEDIUM
Network
|
openidm_project
|
openidm
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/us…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7591
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253974
|
6.1 |
MEDIUM
Network
|
openidm_project
|
openidm
|
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7590
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253975
|
6.5 |
MEDIUM
Network
|
openidm_project
|
openidm
|
In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the "anonymous" user, as demonstrated by responses with a 200 HTTP status code and a JSON obj…
|
CWE-200
Information Exposure
|
CVE-2017-7589
|
2024-11-21 12:32 |
2017-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253976
|
5.5 |
MEDIUM
Local
|
libsndfile_project
|
libsndfile
|
In libsndfile before 1.0.28, an error in the "header_read()" function (common.c) when handling ID3 tags can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7586
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253977
|
5.5 |
MEDIUM
Local
|
libsndfile_project
|
libsndfile
|
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7585
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253978
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_pdf_toolkit
|
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7584
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253979
|
6.1 |
MEDIUM
Network
|
ilias
|
ilias
|
ILIAS before 5.2.3 has XSS via SVG documents.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7583
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253980
|
9.8 |
CRITICAL
Network
|
news_system_project
|
news_system
|
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand f…
|
CWE-89
SQL Injection
|
CVE-2017-7581
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
