| 198431 | 7.5 | HIGH | Network | finecms_project | finecms | In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example,… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2017-11178 | 2024-11-21 12:07 | 2017-07-12 |
| 198432 | 7.8 | HIGH | Local | linux debian | linux_kernel debian_linux | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to … | CWE-416 Use After Free | CVE-2017-11176 | 2024-11-21 12:07 | 2017-07-12 |
| 198433 | 5.5 | MEDIUM | Local | gnome | gnome-session | Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-11171 | 2024-11-21 12:07 | 2017-07-12 |
| 198434 | 8.8 | HIGH | Network | imagemagick | imagemagick | The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-11170 | 2024-11-21 12:07 | 2017-07-12 |
| 198435 | 7.5 | HIGH | Network | pcre | pcre | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. | CWE-674 Uncontrolled Recursion | CVE-2017-11164 | 2024-11-21 12:07 | 2017-07-11 |
| 198436 | 6.5 | MEDIUM | Network | imagemagick | imagemagick | The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the heade… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-11166 | 2024-11-21 12:07 | 2017-07-11 |
| 198437 | 5.4 | MEDIUM | Network | cacti | cacti | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, r… | CWE-79 Cross-site Scripting | CVE-2017-11163 | 2024-11-21 12:07 | 2017-07-11 |
| 198438 | 9.1 | CRITICAL | Network | php netapp | php clustered_data_ontap | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due … | CWE-125 Out-of-bounds Read | CVE-2017-11147 | 2024-11-21 12:07 | 2017-07-10 |
| 198439 | 7.5 | HIGH | Network | php | php | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak informat… | CWE-200 Information Exposure | CVE-2017-11145 | 2024-11-21 12:07 | 2017-07-10 |
| 198440 | 7.5 | HIGH | Network | php | php | In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of … | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2017-11144 | 2024-11-21 12:07 | 2017-07-10 |