|
247251
|
6.5 |
MEDIUM
Network
|
libquicktime
|
libquicktime
|
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9123
|
2024-11-21 12:35 |
2017-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247252
|
6.5 |
MEDIUM
Network
|
libquicktime
|
libquicktime
|
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9122
|
2024-11-21 12:35 |
2017-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247253
|
5.6 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return valu…
|
NVD-CWE-noinfo
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9330
|
2024-11-21 12:35 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247254
|
5.6 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the ini…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9310
|
2024-11-21 12:35 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247255
|
7.5 |
HIGH
Network
|
strongswan
|
strongswan
|
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted c…
|
NVD-CWE-noinfo
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9023
|
2024-11-21 12:35 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247256
|
7.5 |
HIGH
Network
|
strongswan
debian
canonical
|
strongswan
debian_linux
ubuntu_linux
|
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and …
|
CWE-20
Improper Input Validation
|
CVE-2017-9022
|
2024-11-21 12:35 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247257
|
7.4 |
HIGH
Network
|
subsonic
|
subsonic
|
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-9355
|
2024-11-21 12:35 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247258
|
6.1 |
MEDIUM
Network
|
pivotx
|
pivotx
|
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9332
|
2024-11-21 12:35 |
2017-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247259
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9380
|
2024-11-21 12:35 |
2017-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247260
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashb…
|
CWE-352
Origin Validation Error
|
CVE-2017-9379
|
2024-11-21 12:35 |
2017-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
