The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.23%
Published
2017-07-07
Updated
2023-09-15
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-07-17
Updated
2023-01-17
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.25%
Published
2017-07-17
Updated
2017-07-26
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.72%
Published
2017-07-07
Updated
2022-01-31
Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
1.51%
Published
2017-07-17
Updated
2020-12-07
Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.10%
Published
2017-07-17
Updated
2020-12-07
Linux foundation ONOS 1.9.0 is vulnerable to a DoS.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2017-07-17
Updated
2020-12-07
Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-07-17
Updated
2020-12-07
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function
Source: MITRE
Max CVSS
9.8
EPSS Score
0.34%
Published
2017-07-17
Updated
2017-07-19
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.34%
Published
2017-07-17
Updated
2017-07-19
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.
Source: MITRE
Max CVSS
9.8
EPSS Score
0.69%
Published
2017-07-17
Updated
2017-07-19
Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations
Source: MITRE
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-07-17
Updated
2017-07-19
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Source: MITRE
Max CVSS
8.1
EPSS Score
0.45%
Published
2017-07-17
Updated
2019-10-03
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819
Source: MITRE
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-07-17
Updated
2017-07-20
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-07-17
Updated
2017-07-20
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-07-17
Updated
2020-08-05
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.09%
Published
2017-07-17
Updated
2017-07-21
The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.19%
Published
2017-07-17
Updated
2019-10-03
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-07-17
Updated
2017-07-21
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
Source: MITRE
Max CVSS
7.5
EPSS Score
0.11%
Published
2017-07-17
Updated
2017-07-19
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure
Source: MITRE
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-07-17
Updated
2017-07-19
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
Source: MITRE
Max CVSS
7.5
EPSS Score
10.72%
Published
2017-07-17
Updated
2017-07-19
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
Source: MITRE
Max CVSS
7.1
EPSS Score
0.26%
Published
2017-07-17
Updated
2021-06-14
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
Source: MITRE
Max CVSS
10.0
EPSS Score
0.20%
Published
2017-07-17
Updated
2021-02-25
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
Source: MITRE
Max CVSS
6.1
EPSS Score
0.13%
Published
2017-07-17
Updated
2017-07-20
1268 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!