Export limit exceeded: 24763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9149 | 1 Metadata Anonymisation Toolkit Project | 1 Metadata Anonymisation Toolkit | 2025-04-20 | N/A |
| Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. | ||||
| CVE-2017-9150 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. | ||||
| CVE-2017-9188 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | ||||
| CVE-2017-9242 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | ||||
| CVE-2017-9245 | 1 Google | 1 News And Weather | 2025-04-20 | N/A |
| The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | ||||
| CVE-2017-9263 | 2 Openvswitch, Redhat | 3 Openvswitch, Enterprise Linux, Openstack | 2025-04-20 | N/A |
| In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch. | ||||
| CVE-2017-9272 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2025-04-20 | N/A |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | ||||
| CVE-2017-9303 | 1 Laravel | 1 Laravel | 2025-04-20 | N/A |
| Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | ||||
| CVE-2017-9333 | 1 Openwebif Project | 1 Openwebif | 2025-04-20 | N/A |
| OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | ||||
| CVE-2017-9334 | 1 Call-cc | 1 Chicken | 2025-04-20 | 7.5 High |
| An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it. | ||||
| CVE-2017-9350 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | ||||
| CVE-2017-9353 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | ||||
| CVE-2017-9354 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | ||||
| CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | N/A |
| An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | ||||
| CVE-2017-9393 | 1 Ca | 2 Identity Manager, Identity Manager Virtual Appliance | 2025-04-20 | N/A |
| CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | ||||
| CVE-2017-9457 | 1 Compulab | 2 Intense Pc, Intense Pc Firmware | 2025-04-20 | N/A |
| Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. | ||||
| CVE-2017-9476 | 2 Cisco, Commscope | 4 Dpc3939, Dpc3939 Firmware, Arris Tg1682g and 1 more | 2025-04-20 | 6.5 Medium |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. | ||||
| CVE-2017-9477 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot. | ||||
| CVE-2017-9478 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. | ||||
| CVE-2017-9480 | 1 Cisco | 2 Dpc3939, Dpc3939 Firmware | 2025-04-20 | N/A |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to /var/IGD/. | ||||