| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 23601 | CVE-2017-14616 | 400 | | | 2017-09-20 | 2017-10-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. |
| 23602 | CVE-2017-14615 | 79 | | XSS | 2017-09-20 | 2017-10-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. |
| 23603 | CVE-2017-14614 | 22 | | Dir. Trav. | 2017-10-09 | 2017-11-05 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. |
| 23604 | CVE-2017-14612 | 295 | | +Info | 2018-07-12 | 2018-09-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| 23605 | CVE-2017-14611 | 918 | | | 2018-04-10 | 2018-05-17 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. |
| 23606 | CVE-2017-14610 | 665 | | Exec Code | 2017-09-20 | 2019-10-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. |
| 23607 | CVE-2017-14609 | 665 | | Exec Code | 2017-09-20 | 2019-10-02 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. |
| 23608 | CVE-2017-14608 | 125 | | | 2017-09-20 | 2017-09-27 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. |
| 23609 | CVE-2017-14607 | 125 | | | 2017-09-20 | 2019-04-17 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. |
| 23610 | CVE-2017-14604 | 20 | | Exec Code | 2017-09-20 | 2018-01-26 | 4.0 | None | Remote | Low | Single system | None | Partial | None | GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. |
| 23611 | CVE-2017-14603 | 200 | | +Info | 2017-10-09 | 2017-11-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. |
| 23612 | CVE-2017-14602 | 287 | | | 2017-09-26 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. |
| 23613 | CVE-2017-14601 | 89 | | Sql | 2017-09-19 | 2017-09-22 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. |
| 23614 | CVE-2017-14600 | 89 | | Sql | 2017-09-19 | 2017-09-22 | 4.0 | None | Remote | Low | Single system | Partial | None | None | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. |
| 23615 | CVE-2017-14596 | 90 | | | 2017-09-20 | 2017-09-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. |
| 23616 | CVE-2017-14595 | | | | 2017-09-20 | 2019-10-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. |
| 23617 | CVE-2017-14594 | 79 | | XSS | 2018-01-12 | 2018-02-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter. |
| 23618 | CVE-2017-14593 | 77 | | Exec Code | 2018-01-25 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability. |
| 23619 | CVE-2017-14592 | 77 | | Exec Code | 2018-01-25 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability. |
| 23620 | CVE-2017-14591 | 88 | | Exec Code | 2017-11-29 | 2017-12-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software. |
| 23621 | CVE-2017-14590 | | | Exec Code | 2017-12-13 | 2019-10-02 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. |
| 23622 | CVE-2017-14589 | 20 | | Exec Code | 2017-12-13 | 2018-01-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. |
| 23623 | CVE-2017-14588 | 79 | | XSS | 2017-10-11 | 2017-10-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. |
| 23624 | CVE-2017-14586 | 119 | | Exec Code Overflow | 2017-11-27 | 2017-12-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability. |
| 23625 | CVE-2017-14585 | 918 | | Exec Code | 2017-11-27 | 2017-12-20 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected. |
| 23626 | CVE-2017-14583 | 20 | | DoS | 2017-12-18 | 2018-01-05 | 4.0 | None | Remote | Low | Single system | None | None | Partial | NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. |
| 23627 | CVE-2017-14582 | 295 | | +Info | 2017-09-29 | 2017-10-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. |
| 23628 | CVE-2017-14581 | 400 | | DoS | 2017-09-19 | 2018-12-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. |
| 23629 | CVE-2017-14580 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f." |
| 23630 | CVE-2017-14579 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70." |
| 23631 | CVE-2017-14578 | 119 | | DoS Overflow | 2017-09-18 | 2017-11-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." |
| 23632 | CVE-2017-14577 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d." |
| 23633 | CVE-2017-14576 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281." |
| 23634 | CVE-2017-14575 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c." |
| 23635 | CVE-2017-14574 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490." |
| 23636 | CVE-2017-14573 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a." |
| 23637 | CVE-2017-14572 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b." |
| 23638 | CVE-2017-14571 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." |
| 23639 | CVE-2017-14570 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." |
| 23640 | CVE-2017-14569 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5." |
| 23641 | CVE-2017-14568 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630." |
| 23642 | CVE-2017-14567 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b." |
| 23643 | CVE-2017-14566 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-21 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c." |
| 23644 | CVE-2017-14565 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065." |
| 23645 | CVE-2017-14564 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657." |
| 23646 | CVE-2017-14563 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311." |
| 23647 | CVE-2017-14562 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." |
| 23648 | CVE-2017-14561 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." |
| 23649 | CVE-2017-14560 | 119 | | DoS Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2." |
| 23650 | CVE-2017-14559 | 119 | | DoS Exec Code Overflow | 2017-09-18 | 2017-09-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." |