|
253171
|
6.5 |
MEDIUM
Network
|
openexr
|
openexr
|
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
|
NVD-CWE-noinfo
|
CVE-2017-9112
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253172
|
8.8 |
HIGH
Network
|
openexr
|
openexr
|
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
|
NVD-CWE-noinfo
|
CVE-2017-9111
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253173
|
6.5 |
MEDIUM
Network
|
openexr
|
openexr
|
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
|
NVD-CWE-noinfo
|
CVE-2017-9110
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253174
|
9.8 |
CRITICAL
Network
|
playsms
|
playsms
|
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9101
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253175
|
7.3 |
HIGH
Local
|
pmail
|
pegasus
|
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbi…
|
CWE-20
Improper Input Validation
|
CVE-2017-9046
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253176
|
7.5 |
HIGH
Network
|
secure-bytes
|
secure_cisco_auditor
|
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via…
|
CWE-22
Path Traversal
|
CVE-2017-9024
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253177
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600m_firmware
|
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
|
CWE-287
Improper Authentication
|
CVE-2017-9100
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253178
|
7.5 |
HIGH
Network
|
imagemagick
graphicsmagick
debian
|
imagemagick
graphicsmagick
debian_linux
|
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2017-9098
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253179
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9094
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253180
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9093
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
