Search

Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9346 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
CVE-2017-9347 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
CVE-2017-9348 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
CVE-2017-9349 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
CVE-2017-9350 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
CVE-2017-9351 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
CVE-2017-9363 1 Soffid 1 Iam 2025-04-20 N/A
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
CVE-2017-9352 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
CVE-2017-9353 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
CVE-2017-9354 1 Wireshark 1 Wireshark 2025-04-20 N/A
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
CVE-2017-9355 1 Subsonic 1 Subsonic 2025-04-20 N/A
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVE-2017-9356 1 Sitecore 1 Sitecore.net 2025-04-20 N/A
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
CVE-2017-9358 2 Asterisk, Sangoma 2 Certified Asterisk, Asterisk 2025-04-20 N/A
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
CVE-2017-9359 1 Digium 2 Certified Asterisk, Open Source 2025-04-20 N/A
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVE-2017-9360 1 Websitebaker 1 Websitebaker 2025-04-20 N/A
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVE-2017-9364 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
CVE-2017-9365 1 Bigtreecms 1 Bigtree Cms 2025-04-20 N/A
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
CVE-2017-9366 1 Epesi 1 Epesi 2025-04-20 N/A
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
CVE-2017-9367 1 Blackberry 2 Workspaces Appliance-x, Workspaces Vapp 2025-04-20 N/A
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
CVE-2017-9368 1 Blackberry 2 Workspaces Appliance-x, Workspaces Vapp 2025-04-20 N/A
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.