CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000084 | medium | 6.5 | 6.5 | 9y ago | Parameterized Trigger Plugin fails to check Item/Build permission | |||
| CVE-2017-9792 | medium | 6.5 | 6.5 | 9y ago | In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" a… | |||
| CVE-2017-14997 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |||
| CVE-2017-14994 | medium | 6.5 | 6.5 | 9y ago | ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonN… | |||
| CVE-2017-9797 | medium | 6.5 | 6.5 | 9y ago | Apache Geode vulnerable to Exposure of Sensitive Information | |||
| CVE-2017-14990 | medium | 6.5 | 6.5 | 9y ago | WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack u… | |||
| CVE-2017-14989 | medium | 6.5 | 6.5 | 9y ago | A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from Free… | |||
| CVE-2017-14754 | medium | 6.5 | 6.5 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource… | |||
| CVE-2017-14941 | medium | 6.5 | 6.5 | 9y ago | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and rea… | |||
| CVE-2017-14939 | medium | 5.5 | 6.5 | 9y ago | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a d… | |||
| CVE-2017-13988 | medium | 6.5 | 6.5 | 9y ago | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of st… | |||
| CVE-2017-13987 | medium | 6.5 | 6.5 | 9y ago | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | |||
| CVE-2017-13985 | medium | 6.5 | 6.5 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclos… | |||
| CVE-2017-13984 | medium | 6.5 | 6.5 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet di… | |||
| CVE-2017-8447 | medium | 6.5 | 6.5 | 9y ago | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete an… | |||
| CVE-2017-12222 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition… | |||
| CVE-2017-14741 | medium | 6.5 | 6.5 | 9y ago | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | |||
| CVE-2017-7971 | medium | 6.5 | 6.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of out… | |||
| CVE-2017-7970 | medium | 6.5 | 6.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to… | |||
| CVE-2017-14733 | medium | 6.5 | 6.5 | 9y ago | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and a… | |||
| CVE-2017-14731 | medium | 6.5 | 6.5 | 9y ago | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an of… | |||
| CVE-2017-1235 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | |||
| CVE-2017-14653 | medium | 6.5 | 6.5 | 9y ago | member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | |||
| CVE-2017-14684 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagi… | |||
| CVE-2017-14645 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote d… | |||
| CVE-2017-14643 | medium | 6.5 | 6.5 | 9y ago | The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE… | |||
| CVE-2017-14642 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPar… | |||
| CVE-2017-14641 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which… | |||
| CVE-2017-14640 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application c… | |||
| CVE-2017-14638 | medium | 6.5 | 6.5 | 9y ago | AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash … | |||
| CVE-2017-14634 | medium | 6.5 | 6.5 | 9y ago | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | |||
| CVE-2017-14633 | medium | 6.5 | 6.5 | 9y ago | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbi… | |||
| CVE-2017-6720 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting… | |||
| CVE-2017-9645 | medium | 6.5 | 6.5 | 9y ago | An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 a… | |||
| CVE-2017-14604 | medium | 6.5 | 6.5 | 9y ago | GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file… | |||
| CVE-2017-14533 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | |||
| CVE-2017-14531 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | |||
| CVE-2017-14528 | medium | 6.5 | 6.5 | 9y ago | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows re… | |||
| CVE-2017-14505 | medium | 6.5 | 6.5 | 9y ago | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application cras… | |||
| CVE-2017-14504 | medium | 6.5 | 6.5 | 9y ago | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | |||
| CVE-2017-14503 | medium | 6.5 | 6.5 | 9y ago | RHSA-2019:3698: libarchive security and bug fix update (Moderate) | |||
| CVE-2017-14501 | medium | 6.5 | 6.5 | 9y ago | RHEA-2021:1580: libarchive bug fix and enhancement update (Moderate) | |||
| CVE-2017-14489 | medium | 5.5 | 6.5 | 9y ago | The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | |||
| CVE-2017-0783 | medium | 6.5 | 6.5 | 9y ago | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | |||
| CVE-2017-13761 | medium | 6.5 | 6.5 | 9y ago | Fastly Magento2 sensitive information disclosure | |||
| CVE-2017-1002100 | medium | 6.5 | 6.5 | 9y ago | Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed witho… | |||
| CVE-2017-1556 | medium | 6.5 | 6.5 | 9y ago | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13… | |||
| CVE-2017-6330 | medium | 6.5 | 6.5 | 9y ago | Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests." | |||
| CVE-2017-8687 | medium | 5.5 | 6.5 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-8685 | medium | 5.5 | 6.5 | 9y ago | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure… | |||
| CVE-2017-8684 | medium | 5.5 | 6.5 | 9y ago | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses ke… | |||
| CVE-2017-8683 | medium | 5.5 | 6.5 | 9y ago | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Serve… | |||
| CVE-2017-8681 | medium | 5.5 | 6.5 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-8680 | medium | 5.5 | 6.5 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerab… | |||
| CVE-2017-8678 | medium | 5.5 | 6.5 | 9y ago | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and W… | |||
| CVE-2017-14400 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in … | |||
| CVE-2017-8918 | medium | 5.5 | 6.5 | 9y ago | XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | |||
| CVE-2017-14343 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | |||
| CVE-2017-14342 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | |||
| CVE-2017-14341 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |||
| CVE-2017-1000250 | medium | 6.5 | 6.5 | 9y ago | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd pr… | |||
| CVE-2017-14318 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the… | |||
| CVE-2017-14326 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-14325 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadM… | |||
| CVE-2017-14324 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-14314 | medium | 6.5 | 6.5 | 9y ago | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and applicatio… | |||
| CVE-2017-7650 | medium | 6.5 | 6.5 | 9y ago | In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that… | |||
| CVE-2017-14249 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial … | |||
| CVE-2017-14248 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-8040 | medium | 6.5 | 6.5 | 9y ago | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service das… | |||
| CVE-2017-14223 | medium | 6.5 | 6.5 | 9y ago | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large … | |||
| CVE-2017-14222 | medium | 6.5 | 6.5 | 9y ago | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_c… | |||
| CVE-2017-0792 | medium | 6.5 | 6.5 | 9y ago | A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | |||
| CVE-2017-12071 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via th… | |||
| CVE-2017-11162 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | |||
| CVE-2017-9095 | medium | 5.5 | 6.5 | 9y ago | XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | |||
| CVE-2017-6793 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulne… | |||
| CVE-2017-6792 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is … | |||
| CVE-2017-12225 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixati… | |||
| CVE-2017-12224 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even t… | |||
| CVE-2017-14175 | medium | 6.5 | 6.5 | 9y ago | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and co… | |||
| CVE-2017-14174 | medium | 6.5 | 6.5 | 9y ago | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large … | |||
| CVE-2017-14173 | medium | 6.5 | 6.5 | 9y ago | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smalle… | |||
| CVE-2017-14172 | medium | 6.5 | 6.5 | 9y ago | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" fi… | |||
| CVE-2017-14171 | medium | 6.5 | 6.5 | 9y ago | In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a l… | |||
| CVE-2017-14170 | medium | 6.5 | 6.5 | 9y ago | In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims… | |||
| CVE-2017-14166 | medium | 6.5 | 6.5 | 9y ago | RHEA-2021:1580: libarchive bug fix and enhancement update (Moderate) | |||
| CVE-2017-14165 | medium | 6.5 | 6.5 | 9y ago | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote den… | |||
| CVE-2017-14139 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. | |||
| CVE-2017-14132 | medium | 6.5 | 6.5 | 9y ago | JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900.14, 1.900.15, 1.900.16, 1.900.17, 1.900.18, 1.900.19, 1.900.20, 1.900.21, 1.900.22, 1.900.23, 1.900.24, 1.900.25, 1.900.26, 1.90… | |||
| CVE-2017-14114 | medium | 6.5 | 6.5 | 9y ago | RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers… | |||
| CVE-2017-12693 | medium | 6.5 | 6.5 | 9y ago | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | |||
| CVE-2017-12692 | medium | 6.5 | 6.5 | 9y ago | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | |||
| CVE-2017-12691 | medium | 6.5 | 6.5 | 9y ago | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-14107 | medium | 6.5 | 6.5 | 9y ago | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in … | |||
| CVE-2017-14060 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixel… | |||
| CVE-2017-14059 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but… | |||
| CVE-2017-14058 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite l… | |||
| CVE-2017-14057 | medium | 6.5 | 6.5 | 9y ago | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" … | |||
| CVE-2017-14056 | medium | 6.5 | 6.5 | 9y ago | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "… |