CVE-2017-15115
- EPSS 0.47%
- Veröffentlicht 15.11.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possi...
CVE-2017-15923
- EPSS 2.73%
- Veröffentlicht 15.11.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
CVE-2017-8808
- EPSS 1.05%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
CVE-2017-8809
- EPSS 7.71%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
CVE-2017-8810
- EPSS 2.15%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumera...
CVE-2017-8811
- EPSS 1.05%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVE-2017-8812
- EPSS 1.57%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
CVE-2017-8814
- EPSS 1.61%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
CVE-2017-8815
- EPSS 1.61%
- Veröffentlicht 15.11.2017 08:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVE-2016-8610
- EPSS 39.66%
- Veröffentlicht 13.11.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...