CVE-2017-6298
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
Source: CVE-2017-6298
[월:] 2017년 02월
CVE-2017-6299
CVE-2017-6299
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."
Source: CVE-2017-6299
CVE-2017-6306
CVE-2017-6306
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
Source: CVE-2017-6306
CVE-2017-6197
CVE-2017-6197
The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function.
Source: CVE-2017-6197
CVE-2017-6307
CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
Source: CVE-2017-6307
CVE-2017-6099 (merchant-sdk-php)
CVE-2017-6099 (merchant-sdk-php)
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Source: CVE-2017-6099 (merchant-sdk-php)
CVE-2017-6076 (wolfssl)
CVE-2017-6076 (wolfssl)
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
Source: CVE-2017-6076 (wolfssl)
CVE-2017-6076
CVE-2017-6076
In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.
Source: CVE-2017-6076
CVE-2017-6099
CVE-2017-6099
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.
Source: CVE-2017-6099
CVE-2014-9916 (bilboplanet)
CVE-2014-9916 (bilboplanet)
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
Source: CVE-2014-9916 (bilboplanet)