SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action.
Max CVSS
9.8
EPSS Score
0.15%
Published
2017-08-31
Updated
2017-09-05
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF.
Max CVSS
6.1
EPSS Score
0.07%
Published
2017-08-31
Updated
2017-09-05
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.
Max CVSS
9.8
EPSS Score
0.19%
Published
2017-08-31
Updated
2017-09-07
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.
Max CVSS
9.8
EPSS Score
0.60%
Published
2017-08-31
Updated
2019-05-13
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
Max CVSS
7.5
EPSS Score
0.43%
Published
2017-08-31
Updated
2020-12-16
Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.56%
Published
2017-08-31
Updated
2020-12-07
Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-08-31
Updated
2019-10-21
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
Max CVSS
6.5
EPSS Score
0.34%
Published
2017-08-31
Updated
2020-09-08
In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Max CVSS
7.1
EPSS Score
0.22%
Published
2017-08-31
Updated
2019-10-03
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).
Max CVSS
6.5
EPSS Score
0.60%
Published
2017-08-31
Updated
2020-12-29
In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops.
Max CVSS
7.1
EPSS Score
0.20%
Published
2017-08-31
Updated
2019-10-03
In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops.
Max CVSS
7.1
EPSS Score
0.20%
Published
2017-08-31
Updated
2019-10-03
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.
Max CVSS
7.1
EPSS Score
0.20%
Published
2017-08-31
Updated
2019-10-03
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
Max CVSS
7.1
EPSS Score
0.16%
Published
2017-08-31
Updated
2019-10-03
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
Max CVSS
4.9
EPSS Score
0.04%
Published
2017-08-31
Updated
2018-03-16
In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.
Max CVSS
8.8
EPSS Score
0.22%
Published
2017-08-31
Updated
2017-09-01
In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field.
Max CVSS
5.4
EPSS Score
0.07%
Published
2017-08-31
Updated
2017-09-01
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF.
Max CVSS
8.8
EPSS Score
0.10%
Published
2017-08-31
Updated
2017-09-01
A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c.
Max CVSS
6.5
EPSS Score
0.12%
Published
2017-08-30
Updated
2019-12-03
A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Max CVSS
8.8
EPSS Score
0.93%
Published
2017-08-30
Updated
2021-02-02
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.
Max CVSS
8.8
EPSS Score
0.80%
Published
2017-08-30
Updated
2021-02-02
A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Max CVSS
8.8
EPSS Score
1.68%
Published
2017-08-30
Updated
2021-02-02
CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-08-30
Updated
2017-09-01
CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-08-30
Updated
2017-09-02
CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-08-30
Updated
2017-09-01
1540 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!