Export limit exceeded: 47293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364883 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11647 1 Netcomm 2 4gt101w Bootloader, 4gt101w Software 2025-04-20 N/A
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.
CVE-2017-11648 1 Techroutes 2 Tr 1803-3g, Tr 1803-3g Firmware 2025-04-20 N/A
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.
CVE-2017-11651 1 Nexusphp 1 Nexusphp 2025-04-20 6.1 Medium
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
CVE-2017-11652 1 Razer 1 Synapse 2025-04-20 8.4 High
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.
CVE-2017-11653 1 Razer 1 Synapse 2025-04-20 7.8 High
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.
CVE-2017-11654 1 Sipcrack Project 1 Sipcrack 2025-04-20 5.9 Medium
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.
CVE-2017-11655 1 Sipcrack Project 1 Sipcrack 2025-04-20 7.5 High
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.
CVE-2017-11657 1 Dashlane 1 Dashlane 2025-04-20 7.3 High
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVE-2017-11658 1 Wp-rocket 1 Wp-rocket 2025-04-20 N/A
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00.../.%00.../ attack.
CVE-2017-11661 1 Mindwerks 1 Wildmidi 2025-04-20 N/A
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11662 1 Mindwerks 1 Wildmidi 2025-04-20 N/A
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11663 1 Mindwerks 1 Wildmidi 2025-04-20 N/A
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11664 1 Mindwerks 1 Wildmidi 2025-04-20 6.5 Medium
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
CVE-2017-11665 1 Ffmpeg 1 Ffmpeg 2025-04-20 N/A
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
CVE-2017-11666 1 Kopano 1 Webapp 2025-04-20 N/A
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
CVE-2017-11667 1 Openproject 1 Openproject 2025-04-20 N/A
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.
CVE-2017-11668 1 Eapmd5pass Project 1 Eapmd5pass 2025-04-20 N/A
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.
CVE-2017-11669 1 Eapmd5pass Project 1 Eapmd5pass 2025-04-20 N/A
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain circumstances by generating specially crafted network traffic.
CVE-2017-11670 1 Eapmd5pass Project 1 Eapmd5pass 2025-04-20 N/A
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic.
CVE-2017-11671 2 Gnu, Redhat 2 Gcc, Enterprise Linux 2025-04-20 N/A
Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation.