The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2017-14723 | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | HIGH | Sep 23, 2017 | n/a |
CVE-2017-14722 | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | MEDIUM | Sep 23, 2017 | n/a |
CVE-2017-14721 | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | MEDIUM | Sep 23, 2017 | n/a |
CVE-2017-14720 | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | MEDIUM | Sep 23, 2017 | n/a |
CVE-2017-14719 | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | MEDIUM | Sep 23, 2017 | n/a |
CVE-2017-14718 | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | MEDIUM | Sep 23, 2017 | n/a |
CVE-2017-14717 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14716 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14715 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14714 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14713 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14712 | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | LOW | Sep 22, 2017 | n/a |
CVE-2017-14711 | The Kickbase GmbH Kickbase Bundesliga Manager app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. | MEDIUM | Nov 13, 2017 | n/a |
CVE-2017-14710 | The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | MEDIUM | Oct 3, 2019 | n/a |
CVE-2017-14709 | The komoot GmbH Komoot - Cycling & Hiking Maps app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | MEDIUM | Jul 12, 2018 | n/a |
CVE-2017-14706 | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | HIGH | Sep 22, 2017 | n/a |
CVE-2017-14705 | DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | HIGH | Sep 22, 2017 | n/a |
CVE-2017-14704 | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | MEDIUM | Oct 10, 2017 | n/a |
CVE-2017-14703 | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | HIGH | Oct 6, 2017 | n/a |
CVE-2017-14702 | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to com.branaghgroup.ecers.update.UpdateRequest object deserialization. | HIGH | Oct 6, 2017 | n/a |
CVE-2017-14699 | Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request. | MEDIUM | Jan 29, 2018 | n/a |
CVE-2017-14698 | ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp. | MEDIUM | Jan 29, 2018 | n/a |
CVE-2017-14696 | SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. | MEDIUM | Oct 24, 2017 | n/a |
CVE-2017-14695 | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. | HIGH | Oct 24, 2017 | n/a |
CVE-2017-14694 | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14693 | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14692 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14691 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14690 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14689 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14688 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14687 | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f on Windows. This occurs because of mishandling of XML tag name comparisons. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14686 | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14685 | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61 on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | MEDIUM | Sep 22, 2017 | n/a |
CVE-2017-14684 | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | HIGH | Sep 21, 2017 | n/a |
CVE-2017-14683 | geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | MEDIUM | Oct 17, 2019 | n/a |
CVE-2017-14682 | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | MEDIUM | Sep 21, 2017 | n/a |
CVE-2017-14681 | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a kill `cat /pathname/p3scan.pid` command, as demonstrated by etc/init.d/p3scan. | LOW | Sep 21, 2017 | n/a |
CVE-2017-14680 | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | MEDIUM | Sep 21, 2017 | n/a |
CVE-2017-14679 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14678 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14677 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14676 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14675 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14674 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14673 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14672 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14671 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14670 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2017-14669 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 | n/a |