|
198521
|
8.8 |
HIGH
Network
|
graphicsmagick
|
graphicsmagick
|
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
|
CWE-416
Use After Free
|
CVE-2017-11403
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198522
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg 2.4 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) o…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11399
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198523
|
5.4 |
MEDIUM
Network
|
bolt
|
bolt_cms
|
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11128
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198524
|
5.4 |
MEDIUM
Network
|
bolt
|
bolt_cms
|
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11127
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198525
|
8.8 |
HIGH
Network
|
intenogroup
|
inteno_router_firmware
|
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because …
|
CWE-269
Improper Privilege Management
|
CVE-2017-11361
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198526
|
7.5 |
HIGH
Network
|
shoco_project
|
shoco
|
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11367
|
2024-11-21 12:07 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198527
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buff…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11362
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198528
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
|
CWE-834
Excessive Iteration
|
CVE-2017-11360
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198529
|
9.8 |
CRITICAL
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name.
|
CWE-89
SQL Injection
|
CVE-2017-11354
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198530
|
5.9 |
MEDIUM
Network
|
yadm_project
|
yadm
|
yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH a…
|
CWE-362
Race Condition
|
CVE-2017-11353
|
2024-11-21 12:07 |
2017-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
