Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8073 2 Debian, Weechat 2 Debian Linux, Weechat 2025-04-20 N/A
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overflow.
CVE-2017-8309 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Openstack 2025-04-20 7.5 High
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
CVE-2017-8312 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2025-04-20 N/A
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.
CVE-2017-8314 2 Debian, Kodi 2 Debian Linux, Kodi 2025-04-20 N/A
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVE-2017-8357 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8361 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2025-04-20 N/A
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2017-8362 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2025-04-20 N/A
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
CVE-2017-8363 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2025-04-20 N/A
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
CVE-2017-8810 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2025-04-20 N/A
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
CVE-2017-8811 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2025-04-20 N/A
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
CVE-2017-8812 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2025-04-20 N/A
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
CVE-2017-8814 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2025-04-20 N/A
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
CVE-2017-8815 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2025-04-20 N/A
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
CVE-2017-8844 2 Debian, Long Range Zip Project 2 Debian Linux, Long Range Zip 2025-04-20 7.8 High
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
CVE-2017-8890 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2025-04-20 7.8 High
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVE-2017-9061 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.
CVE-2017-9062 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVE-2017-9063 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.
CVE-2017-9064 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
CVE-2017-9065 2 Debian, Wordpress 2 Debian Linux, Wordpress 2025-04-20 N/A
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.