# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
19951 |
CVE-2017-14293 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." |
19952 |
CVE-2017-14292 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e." |
19953 |
CVE-2017-14291 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8." |
19954 |
CVE-2017-14290 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." |
19955 |
CVE-2017-14289 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e." |
19956 |
CVE-2017-14288 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7." |
19957 |
CVE-2017-14287 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb." |
19958 |
CVE-2017-14286 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c." |
19959 |
CVE-2017-14285 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b." |
19960 |
CVE-2017-14284 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c." |
19961 |
CVE-2017-14283 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4." |
19962 |
CVE-2017-14282 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862." |
19963 |
CVE-2017-14281 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1." |
19964 |
CVE-2017-14280 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d." |
19965 |
CVE-2017-14279 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643." |
19966 |
CVE-2017-14278 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940." |
19967 |
CVE-2017-14277 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956." |
19968 |
CVE-2017-14276 |
119 |
|
DoS Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe." |
19969 |
CVE-2017-14275 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-13 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." |
19970 |
CVE-2017-14274 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706." |
19971 |
CVE-2017-14273 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0." |
19972 |
CVE-2017-14272 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d." |
19973 |
CVE-2017-14271 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e." |
19974 |
CVE-2017-14270 |
119 |
|
DoS Exec Code Overflow |
2017-09-11 |
2017-09-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010." |
19975 |
CVE-2017-14269 |
200 |
|
Bypass +Info |
2017-09-11 |
2017-09-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. |
19976 |
CVE-2017-14268 |
79 |
|
XSS |
2017-09-11 |
2017-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. |
19977 |
CVE-2017-14267 |
352 |
|
CSRF |
2017-09-11 |
2017-09-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. |
19978 |
CVE-2017-14266 |
119 |
|
Overflow |
2017-09-12 |
2017-09-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. |
19979 |
CVE-2017-14261 |
119 |
|
Overflow |
2017-09-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. |
19980 |
CVE-2017-14260 |
119 |
|
Exec Code Overflow |
2017-09-11 |
2018-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. |
19981 |
CVE-2017-14259 |
119 |
|
Exec Code Overflow |
2017-09-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. |
19982 |
CVE-2017-14258 |
119 |
|
Exec Code Overflow |
2017-09-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. |
19983 |
CVE-2017-14257 |
119 |
|
Overflow |
2017-09-11 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. |
19984 |
CVE-2017-14251 |
434 |
|
Exec Code |
2017-09-11 |
2017-12-03 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. |
19985 |
CVE-2017-14250 |
20 |
|
|
2017-10-31 |
2017-11-22 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the "Wireless Settings" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required. |
19986 |
CVE-2017-14249 |
369 |
|
DoS |
2017-09-11 |
2019-05-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. |
19987 |
CVE-2017-14248 |
125 |
|
DoS |
2017-09-11 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. |
19988 |
CVE-2017-14246 |
125 |
|
|
2017-09-21 |
2019-06-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. |
19989 |
CVE-2017-14245 |
125 |
|
|
2017-09-21 |
2019-06-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. |
19990 |
CVE-2017-14241 |
79 |
|
XSS |
2017-09-11 |
2017-09-18 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. |
19991 |
CVE-2017-14240 |
200 |
|
+Info |
2017-09-11 |
2017-09-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. |
19992 |
CVE-2017-14239 |
79 |
|
XSS |
2017-09-11 |
2017-09-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. |
19993 |
CVE-2017-14232 |
399 |
|
DoS |
2019-08-15 |
2019-08-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file. |
19994 |
CVE-2017-14231 |
20 |
|
DoS |
2017-09-10 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. |
19995 |
CVE-2017-14230 |
20 |
|
DoS +Info |
2017-09-10 |
2017-09-21 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. |
19996 |
CVE-2017-14229 |
835 |
|
DoS |
2017-09-09 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. |
19997 |
CVE-2017-14228 |
476 |
|
DoS |
2017-09-09 |
2019-03-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. |
19998 |
CVE-2017-14227 |
125 |
|
DoS |
2017-09-09 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. |
19999 |
CVE-2017-14226 |
125 |
|
DoS |
2017-09-09 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. |
20000 |
CVE-2017-14225 |
476 |
|
|
2017-09-09 |
2017-11-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) |