|
266611
|
9.8 |
CRITICAL
Network
|
embedthis
|
goahead
|
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000471
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266612
|
7.5 |
HIGH
Network
|
embedthis
|
goahead_web_server
|
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000470
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266613
|
9.8 |
CRITICAL
Network
|
cobbler_project
|
cobbler
|
Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.
|
CWE-20
Improper Input Validation
|
CVE-2017-1000469
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266614
|
5.4 |
MEDIUM
Network
|
bookstackapp
|
bookstack
|
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000462
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266615
|
4.7 |
MEDIUM
Network
|
brave
|
browser
|
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000461
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266616
|
6.5 |
MEDIUM
Network
|
libav
ffmpeg
google
|
libav
ffmpeg
chrome
|
In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-1000460
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266617
|
6.5 |
MEDIUM
Network
|
plone
|
plone
|
Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part…
|
NVD-CWE-noinfo
|
CVE-2017-1000483
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266618
|
5.4 |
MEDIUM
Network
|
plone
|
plone
|
A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000482
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266619
|
9.8 |
CRITICAL
Network
|
smarty
|
smarty
|
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
|
CWE-94
Code Injection
|
CVE-2017-1000480
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266620
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you t…
|
CWE-601
Open Redirect
|
CVE-2017-1000481
|
2024-11-21 12:04 |
2018-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
