Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9230 | 1 Bitcoin | 1 Bitcoin | 2025-04-20 | 7.5 High |
| The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability | ||||
| CVE-2017-9231 | 1 Citrix | 1 Xenmobile Server | 2025-04-20 | N/A |
| XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2017-9232 | 1 Canonical | 1 Juju | 2025-04-20 | N/A |
| Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | ||||
| CVE-2017-9233 | 3 Debian, Libexpat Project, Python | 3 Debian Linux, Libexpat, Python | 2025-04-20 | 7.5 High |
| XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | ||||
| CVE-2017-9239 | 2 Canonical, Exiv2 | 2 Ubuntu Linux, Exiv2 | 2025-04-20 | N/A |
| An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. | ||||
| CVE-2017-9242 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | ||||
| CVE-2017-9243 | 1 Aries Networks | 2 Qwr-1104 Wireless-n Router, Qwr-1104 Wireless-n Router Firmware | 2025-04-20 | N/A |
| Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point. | ||||
| CVE-2017-9244 | 1 Trello | 1 Trello | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. | ||||
| CVE-2017-9245 | 1 Google | 1 News And Weather | 2025-04-20 | N/A |
| The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | ||||
| CVE-2017-9246 | 1 Newrelic | 1 .net Agent | 2025-04-20 | N/A |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. | ||||
| CVE-2017-9247 | 1 Sierrawireless | 3 Sierra Wireless Em7345 Software, Sierra Wireless Em7455 Software, Sierra Wireless Location Sensor Driver | 2025-04-20 | N/A |
| Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges. | ||||
| CVE-2017-9249 | 1 Allen Disk Project | 1 Allen Disk | 2025-04-20 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php. | ||||
| CVE-2017-9250 | 1 Jerryscript | 1 Jerryscript | 2025-04-20 | 7.5 High |
| The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | ||||
| CVE-2017-9251 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php. | ||||
| CVE-2017-9252 | 1 Finecms Project | 1 Finecms | 2025-04-20 | N/A |
| andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action. | ||||
| CVE-2017-9253 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2025-04-20 | N/A |
| The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | ||||
| CVE-2017-9254 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2025-04-20 | N/A |
| The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | ||||
| CVE-2017-9255 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2025-04-20 | N/A |
| The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | ||||
| CVE-2017-9256 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2025-04-20 | N/A |
| The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | ||||
| CVE-2017-9257 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2025-04-20 | N/A |
| The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file. | ||||