The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-14355 | A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | HIGH | Dec 6, 2017 |
| CVE-2017-14354 | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | MEDIUM | Oct 5, 2017 |
| CVE-2017-14353 | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | MEDIUM | Oct 5, 2017 |
| CVE-2017-14352 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | Medium | Oct 6, 2017 |
| CVE-2017-14351 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | High | Oct 5, 2017 |
| CVE-2017-14350 | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | High | Oct 5, 2017 |
| CVE-2017-14349 | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | HIGH | Oct 2, 2017 |
| CVE-2017-14348 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14347 | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14346 | upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | HIGH | Sep 12, 2017 |
| CVE-2017-14345 | SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | HIGH | Sep 12, 2017 |
| CVE-2017-14344 | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | HIGH | Sep 12, 2017 |
| CVE-2017-14343 | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14342 | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14341 | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | HIGH | Sep 12, 2017 |
| CVE-2017-14340 | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | MEDIUM | Sep 19, 2017 |
| CVE-2017-14339 | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | HIGH | Sep 20, 2017 |
| CVE-2017-14337 | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14335 | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14333 | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during readelf -a execution. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14332 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. | MEDIUM | Oct 23, 2017 |
| CVE-2017-14331 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the exsh restricted shell protection mechanism and obtain an interactive shell. | HIGH | Oct 23, 2017 |
| CVE-2017-14330 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. | HIGH | Oct 23, 2017 |
| CVE-2017-14329 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. | HIGH | Oct 23, 2017 |
| CVE-2017-14328 | Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. | HIGH | Oct 17, 2019 |
| CVE-2017-14327 | Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. | MEDIUM | Oct 23, 2017 |
| CVE-2017-14326 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14325 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. | HIGH | Sep 12, 2017 |
| CVE-2017-14324 | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14323 | SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter. | HIGH | Apr 10, 2018 |
| CVE-2017-14322 | The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value. | HIGH | Oct 18, 2017 |
| CVE-2017-14321 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | LOW | Sep 21, 2017 |
| CVE-2017-14320 | Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | MEDIUM | Sep 21, 2017 |
| CVE-2017-14319 | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. | HIGH | Sep 12, 2017 |
| CVE-2017-14318 | An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. | MEDIUM | Sep 12, 2017 |
| CVE-2017-14317 | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). | MEDIUM | Sep 12, 2017 |
| CVE-2017-14316 | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. | HIGH | Sep 12, 2017 |
| CVE-2017-14315 | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default Bluetooth On value must be present in Settings. | HIGH | Sep 12, 2017 |
| CVE-2017-14314 | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14313 | The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | MEDIUM | Sep 11, 2017 |
| CVE-2017-14312 | Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | HIGH | Sep 11, 2017 |
| CVE-2017-14311 | The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | MEDIUM | Sep 19, 2017 |
| CVE-2017-14310 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14309 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14308 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14307 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14306 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14305 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14304 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14303 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047. | MEDIUM | Sep 11, 2017 |
