|
199211
|
6.5 |
MEDIUM
Network
|
libquicktime
|
libquicktime
|
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-20
Improper Input Validation
|
CVE-2017-12143
|
2024-11-21 12:08 |
2017-08-2 |
|
199212
|
5.5 |
MEDIUM
Local
|
ytnef_project
|
ytnef
|
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12142
|
2024-11-21 12:08 |
2017-08-2 |
|
199213
|
5.5 |
MEDIUM
Local
|
ytnef_project
|
ytnef
|
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12141
|
2024-11-21 12:08 |
2017-08-2 |
|
199214
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
|
CWE-400 CWE-681
Uncontrolled Resource Consumption Incorrect Conversion between Numeric Types
|
CVE-2017-12140
|
2024-11-21 12:08 |
2017-08-2 |
|
199215
|
6.1 |
MEDIUM
Network
|
xoops
|
xoops
|
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12139
|
2024-11-21 12:08 |
2017-08-2 |
|
199216
|
6.1 |
MEDIUM
Network
|
xoops
|
xoops
|
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
|
CWE-601
Open Redirect
|
CVE-2017-12138
|
2024-11-21 12:08 |
2017-08-2 |
|
199217
|
5.9 |
MEDIUM
Network
|
gnu
|
glibc
|
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-12132
|
2024-11-21 12:08 |
2017-08-2 |
|
199218
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execu…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12062
|
2024-11-21 12:08 |
2017-08-2 |
|
199219
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized befor…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12061
|
2024-11-21 12:08 |
2017-08-2 |
|
199220
|
6.5 |
MEDIUM
Network
|
underbit
|
mad_libmad
|
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11552
|
2024-11-21 12:08 |
2017-08-1 |