CVE-2017-17760
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.
Source: CVE-2017-17760
[월:] 2017년 12월
CVE-2017-17917
CVE-2017-17917
SQL injection vulnerability in the ‘where’ method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ‘id’ parameter.
Source: CVE-2017-17917
CVE-2017-17916
CVE-2017-17916
SQL injection vulnerability in the ‘find_by’ method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ‘name’ parameter.
Source: CVE-2017-17916
CVE-2017-17920
CVE-2017-17920
SQL injection vulnerability in the ‘reorder’ method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ‘name’ parameter.
Source: CVE-2017-17920
CVE-2017-17919
CVE-2017-17919
SQL injection vulnerability in the ‘order’ method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ‘id desc’ parameter.
Source: CVE-2017-17919
CVE-2013-7400
CVE-2013-7400
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
Source: CVE-2013-7400
CVE-2017-17968
CVE-2017-17968
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Source: CVE-2017-17968
CVE-2014-3651
CVE-2014-3651
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
Source: CVE-2014-3651
CVE-2017-16876
CVE-2017-16876
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.
Source: CVE-2017-16876
CVE-2016-3695
CVE-2016-3695
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Source: CVE-2016-3695