Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-6817 |
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. Published: March 11, 2017; 8:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-6816 |
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. Published: March 11, 2017; 8:59:00 PM -0500 |
V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2017-6815 |
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. Published: March 11, 2017; 8:59:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2017-6814 |
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. Published: March 11, 2017; 8:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-6802 |
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. Published: March 10, 2017; 5:59:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-6801 |
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. Published: March 10, 2017; 5:59:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-6800 |
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. Published: March 10, 2017; 5:59:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-6500 |
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. Published: March 05, 2017; 9:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-6499 |
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). Published: March 05, 2017; 9:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-6498 |
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. Published: March 05, 2017; 9:59:00 PM -0500 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5976 |
Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. Published: March 01, 2017; 10:59:01 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5975 |
Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. Published: March 01, 2017; 10:59:01 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5974 |
Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. Published: March 01, 2017; 10:59:01 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-5946 |
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem. Published: February 27, 2017; 2:59:00 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-6306 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-6305 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-6304 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-6303 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-6302 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-6301 |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." Published: February 23, 2017; 11:59:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |