The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-14260 | In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14259 | In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14258 | In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14257 | In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14252 | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | HIGH | Sep 11, 2017 | n/a |
| CVE-2017-14251 | Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14250 | In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the Wireless Settings is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required. | MEDIUM | Oct 31, 2017 | n/a |
| CVE-2017-14249 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14248 | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14247 | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | HIGH | Sep 11, 2017 | n/a |
| CVE-2017-14246 | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | MEDIUM | Sep 21, 2017 | n/a |
| CVE-2017-14245 | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | MEDIUM | Sep 21, 2017 | n/a |
| CVE-2017-14244 | An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | HIGH | Sep 20, 2017 | n/a |
| CVE-2017-14243 | An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | HIGH | Sep 19, 2017 | n/a |
| CVE-2017-14242 | SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | HIGH | Sep 11, 2017 | n/a |
| CVE-2017-14241 | Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | LOW | Sep 11, 2017 | n/a |
| CVE-2017-14240 | There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | MEDIUM | Sep 11, 2017 | n/a |
| CVE-2017-14239 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | LOW | Sep 11, 2017 | n/a |
| CVE-2017-14238 | SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | HIGH | Sep 11, 2017 | n/a |
| CVE-2017-14232 | The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. | MEDIUM | Aug 26, 2019 | n/a |
| CVE-2017-14231 | GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | MEDIUM | Sep 10, 2017 | n/a |
| CVE-2017-14230 | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST Other Users' command. | MEDIUM | Sep 10, 2017 | n/a |
| CVE-2017-14229 | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14228 | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14227 | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14226 | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14224 | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | MEDIUM | Sep 8, 2017 | n/a |
| CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large ict field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | HIGH | Sep 8, 2017 | n/a |
| CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large item_count field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | HIGH | Sep 8, 2017 | n/a |
| CVE-2017-14219 | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an airbase-ng -e command. | MEDIUM | Sep 9, 2017 | n/a |
| CVE-2017-14208 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14207 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14206 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14205 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14204 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14203 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14202 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | -- | Aug 29, 2019 | n/a |
| CVE-2017-14201 | Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all. | MEDIUM | Sep 4, 2019 | n/a |
| CVE-2017-14200 | Rejected reason: Unused CVE for 2017 | -- | Nov 7, 2023 | n/a |
| CVE-2017-14199 | A buffer overflow has been found in the Zephyr Project\'s getaddrinfo() implementation in 1.9.0 and 1.10.0. | -- | Apr 12, 2019 | n/a |
| CVE-2017-14198 | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. | MEDIUM | Nov 29, 2017 | n/a |
| CVE-2017-14197 | An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected Cross-Site Scripting (XSS) issues in Matrix WYSIWYG plugins. | MEDIUM | Nov 29, 2017 | n/a |
| CVE-2017-14196 | An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed. | MEDIUM | Nov 29, 2017 | n/a |
| CVE-2017-14195 | The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. | MEDIUM | Sep 7, 2017 | n/a |
| CVE-2017-14194 | The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | MEDIUM | Sep 7, 2017 | n/a |
| CVE-2017-14193 | The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | MEDIUM | Sep 7, 2017 | n/a |
| CVE-2017-14192 | The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | MEDIUM | Sep 7, 2017 | n/a |
| CVE-2017-14191 | An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under Signed Security Mode, allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. | MEDIUM | Mar 21, 2018 | n/a |
| CVE-2017-14190 | A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted Host header in user HTTP requests. | MEDIUM | Jan 29, 2018 | n/a |
