The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-14386 | The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | MEDIUM | Dec 7, 2017 |
| CVE-2017-14385 | An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution. | MEDIUM | Dec 20, 2017 |
| CVE-2017-14384 | In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability. | MEDIUM | Mar 22, 2018 |
| CVE-2017-14383 | In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application. | MEDIUM | Jan 4, 2018 |
| CVE-2017-14382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-14381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 |
| CVE-2017-14380 | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. | HIGH | Dec 13, 2017 |
| CVE-2017-14379 | EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | LOW | Nov 28, 2017 |
| CVE-2017-14378 | EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an Error Handling Vulnerability. | HIGH | Nov 29, 2017 |
| CVE-2017-14377 | EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | HIGH | Nov 29, 2017 |
| CVE-2017-14376 | EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | HIGH | Nov 1, 2017 |
| CVE-2017-14375 | EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. | HIGH | Nov 1, 2017 |
| CVE-2017-14374 | The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | HIGH | Dec 5, 2017 |
| CVE-2017-14373 | EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | MEDIUM | Nov 1, 2017 |
| CVE-2017-14372 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | MEDIUM | Oct 11, 2017 |
| CVE-2017-14371 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | MEDIUM | Oct 11, 2017 |
| CVE-2017-14370 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | LOW | Oct 11, 2017 |
| CVE-2017-14369 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. | MEDIUM | Oct 11, 2017 |
| CVE-2017-14363 | Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | LOW | Dec 21, 2017 |
| CVE-2017-14362 | Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | MEDIUM | Dec 12, 2017 |
| CVE-2017-14361 | Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | MEDIUM | Dec 12, 2017 |
| CVE-2017-14360 | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | MEDIUM | Nov 8, 2017 |
| CVE-2017-14359 | A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. | LOW | Nov 4, 2017 |
| CVE-2017-14358 | A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | MEDIUM | Oct 31, 2017 |
| CVE-2017-14357 | A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) | MEDIUM | Oct 31, 2017 |
| CVE-2017-14356 | An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. | HIGH | Nov 1, 2017 |
| CVE-2017-14355 | A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | HIGH | Dec 6, 2017 |
| CVE-2017-14354 | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | MEDIUM | Oct 5, 2017 |
| CVE-2017-14353 | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | MEDIUM | Oct 5, 2017 |
| CVE-2017-14352 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | Medium | Oct 6, 2017 |
| CVE-2017-14351 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | High | Oct 5, 2017 |
| CVE-2017-14350 | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | High | Oct 5, 2017 |
| CVE-2017-14349 | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | HIGH | Oct 2, 2017 |
| CVE-2017-14348 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14347 | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14346 | upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | HIGH | Sep 12, 2017 |
| CVE-2017-14345 | SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | HIGH | Sep 12, 2017 |
| CVE-2017-14344 | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | HIGH | Sep 12, 2017 |
| CVE-2017-14343 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14342 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14341 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | HIGH | Sep 12, 2017 |
| CVE-2017-14340 | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | MEDIUM | Sep 19, 2017 |
| CVE-2017-14339 | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | HIGH | Sep 20, 2017 |
| CVE-2017-14337 | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14335 | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14333 | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during readelf -a execution. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14332 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | MEDIUM | Oct 23, 2017 |
| CVE-2017-14331 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the exsh restricted shell protection mechanism and obtain an interactive shell. | HIGH | Oct 23, 2017 |
| CVE-2017-14330 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | HIGH | Oct 23, 2017 |
| CVE-2017-14329 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | HIGH | Oct 23, 2017 |
