CVE-2017-14604
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-14604
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNOME Nautilus 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNOME Nautilus是一款用于GNOME桌面环境中的文件管理器。 GNOME Nautilus 3.23.90之前的版本中存在安全漏洞。攻击者可通过使用.desktop文件扩展名利用该漏洞伪造文件类型。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-14604
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-14604
Please Login to view more intelligence information
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268x_refsource_MISC
- https://github.com/freedomofpress/securedrop/issues/2238x_refsource_MISC
- https://bugzilla.gnome.org/show_bug.cgi?id=777991x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-14604
Same Patch Batch · n/a · 2017-09-20 · 46 CVEs total
| CVE-2015-5179 | Red Hat FreeIPA 安全漏洞 | |
| CVE-2015-8224 | Huawei P8 信息泄露漏洞 | |
| CVE-2017-7924 | 多款Rockwell Automation产品输入验证漏洞 | |
| CVE-2017-9649 | 多款Mirion Technologies产品安全漏洞 | |
| CVE-2017-8770 | Gongjin Electronics BE126 WIFI repeater 安全漏洞 | |
| CVE-2017-8771 | Gongjin Electronics BE126 WIFI repeater 安全漏洞 | |
| CVE-2017-8772 | Gongjin Electronics BE126 WIFI repeater 安全漏洞 | |
| CVE-2017-12168 | Linux kernel 输入验证错误漏洞 | |
| CVE-2017-9645 | 多款Mirion Technologies产品安全漏洞 | |
| CVE-2015-5248 | Red Hat Feedhenry Enterprise Mobile Application Platform 安全漏洞 | |
| CVE-2015-5607 | IPython 跨站请求伪造漏洞 | |
| CVE-2015-4075 | Joomla! Helpdesk Pro插件安全漏洞 | |
| CVE-2015-4074 | Joomla! Helpdesk Pro插件路径遍历漏洞 | |
| CVE-2015-4073 | Joomla! Helpdesk Pro插件SQL注入漏洞 | |
| CVE-2015-4072 | Joomla! Helpdesk Pro插件跨站脚本漏洞 | |
| CVE-2015-1329 | Ubuntu oxide-qt 安全漏洞 | |
| CVE-2017-14608 | LibRaw 安全漏洞 | |
| CVE-2017-14607 | ImageMagick 安全漏洞 | |
| CVE-2017-14610 | Bareos 权限许可和访问控制问题漏洞 | |
| CVE-2017-14609 | Kannel 安全漏洞 |
Showing top 20 of 46 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2017-14604
No comments yet