|
253481
|
6.5 |
MEDIUM
Network
|
openldap
debian
redhat
mcafee
oracle
|
openldap
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_eus
enterprise_linux_server_tus
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged …
|
CWE-415
Double Free
|
CVE-2017-9287
|
2024-11-21 12:35 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
253482
|
9.8 |
CRITICAL
Network
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9265
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253483
|
9.8 |
CRITICAL
Network
|
openvswitch
|
openvswitch
|
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extr…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9264
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253484
|
6.5 |
MEDIUM
Adjacent
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i…
|
CWE-20
Improper Input Validation
|
CVE-2017-9263
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253485
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9262
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253486
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-9261
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253487
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9252
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253488
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9251
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253489
|
7.5 |
HIGH
Network
|
jerryscript
|
jerryscript
|
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of ser…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-9250
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253490
|
5.4 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9249
|
2024-11-21 12:35 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
