|
198491
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12864
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198492
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12863
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198493
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-12862
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198494
|
7.5 |
HIGH
Network
|
numpy
|
numpy
|
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-12852
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198495
|
6.5 |
MEDIUM
Local
|
xen
|
xen
|
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is fre…
|
CWE-200
Information Exposure
|
CVE-2017-12855
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198496
|
8.8 |
HIGH
Network
|
rtsindia
|
rwr-3g-100_firmware
|
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authentic…
|
CWE-352
Origin Validation Error
|
CVE-2017-12853
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198497
|
8.8 |
HIGH
Network
|
kanboard
|
kanboard
|
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-12851
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198498
|
8.8 |
HIGH
Network
|
kanboard
|
kanboard
|
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-12850
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198499
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12799
|
2024-11-21 12:10 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198500
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12798
|
2024-11-21 12:10 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
