CVE-2017-1000497
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution
Source: CVE-2017-1000497
[월:] 2018년 01월
CVE-2017-1000498
CVE-2017-1000498
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
Source: CVE-2017-1000498
CVE-2017-1000494
CVE-2017-1000494
Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact
Source: CVE-2017-1000494
CVE-2017-1000499
CVE-2017-1000499
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Source: CVE-2017-1000499
CVE-2018-4868
CVE-2018-4868
The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file.
Source: CVE-2018-4868
CVE-2018-4862
CVE-2018-4862
In Octopus Deploy versions 3.2.11 – 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges.
Source: CVE-2018-4862
CVE-2017-18017
CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
Source: CVE-2017-18017
CVE-2017-1000493
CVE-2017-1000493
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover
Source: CVE-2017-1000493
CVE-2017-1000491
CVE-2017-1000491
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Source: CVE-2017-1000491
CVE-2017-1000492
CVE-2017-1000492
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration
Source: CVE-2017-1000492