CVEs from 2017
- Total: 11,679
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11368 | medium | 6.5 | 6.5 | 9y ago | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |||
| CVE-2017-0174 | medium | 6.5 | 6.5 | 9y ago | Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a… | |||
| CVE-2017-3634 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnera… | |||
| CVE-2017-3633 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit… | |||
| CVE-2017-3562 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Eas… | |||
| CVE-2017-10243 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:… | |||
| CVE-2017-10216 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerab… | |||
| CVE-2017-10212 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability all… | |||
| CVE-2017-10183 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, … | |||
| CVE-2017-10179 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.… | |||
| CVE-2017-10157 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2… | |||
| CVE-2017-10131 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |||
| CVE-2017-10103 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-10084 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 1… | |||
| CVE-2017-10047 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows … | |||
| CVE-2017-10038 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2,… | |||
| CVE-2017-10023 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… | |||
| CVE-2017-10006 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |||
| CVE-2017-6872 | medium | 6.5 | 6.5 | 9y ago | A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored… | |||
| CVE-2017-6866 | medium | 6.5 | 6.5 | 9y ago | A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the … | |||
| CVE-2017-12676 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12675 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to c… | |||
| CVE-2017-12674 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12673 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12672 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12671 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause … | |||
| CVE-2017-12670 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of s… | |||
| CVE-2017-12654 | medium | 6.5 | 6.5 | 9y ago | The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-12643 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. | |||
| CVE-2017-7916 | medium | 6.5 | 6.5 | 9y ago | A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web a… | |||
| CVE-2017-6759 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnera… | |||
| CVE-2017-6758 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root dir… | |||
| CVE-2017-6754 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, … | |||
| CVE-2017-6665 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an … | |||
| CVE-2017-12586 | medium | 6.5 | 6.5 | 9y ago | SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | |||
| CVE-2017-12566 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage i… | |||
| CVE-2017-12565 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12564 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12563 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12434 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyIm… | |||
| CVE-2017-12433 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memor… | |||
| CVE-2017-12432 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12431 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |||
| CVE-2017-12427 | medium | 6.5 | 6.5 | 9y ago | The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to th… | |||
| CVE-2017-1504 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | |||
| CVE-2017-7890 | medium | 6.5 | 6.5 | 9y ago | The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A… | |||
| CVE-2017-11437 | medium | 6.5 | 6.5 | 9y ago | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read reposi… | |||
| CVE-2017-12145 | medium | 6.5 | 6.5 | 9y ago | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-12143 | medium | 6.5 | 6.5 | 9y ago | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-12140 | medium | 6.5 | 6.5 | 9y ago | The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. | |||
| CVE-2017-4922 | medium | 6.5 | 6.5 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. … | |||
| CVE-2017-11136 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of mes… | |||
| CVE-2017-11134 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them. | |||
| CVE-2017-11548 | medium | 5.5 | 6.5 | 9y ago | The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file. | |||
| CVE-2017-11359 | medium | 5.5 | 6.5 | 9y ago | The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conve… | |||
| CVE-2017-11358 | medium | 5.5 | 6.5 | 9y ago | The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. | |||
| CVE-2017-11333 | medium | 5.5 | 6.5 | 9y ago | The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file. | |||
| CVE-2017-11332 | medium | 5.5 | 6.5 | 9y ago | The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. | |||
| CVE-2017-11331 | medium | 5.5 | 6.5 | 9y ago | The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. | |||
| CVE-2017-11330 | medium | 5.5 | 6.5 | 9y ago | The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFix++ v0.34 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted avi fil… | |||
| CVE-2017-9477 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |||
| CVE-2017-9476 | medium | 6.5 | 6.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eM… | |||
| CVE-2017-11755 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo… | |||
| CVE-2017-11754 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. | |||
| CVE-2017-11753 | medium | 6.5 | 6.5 | 9y ago | The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transp… | |||
| CVE-2017-11752 | medium | 6.5 | 6.5 | 9y ago | The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11751 | medium | 6.5 | 6.5 | 9y ago | The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-11750 | medium | 6.5 | 6.5 | 9y ago | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | |||
| CVE-2017-11724 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures. | |||
| CVE-2017-6260 | medium | 6.5 | 6.5 | 9y ago | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. | |||
| CVE-2017-11722 | medium | 6.5 | 6.5 | 9y ago | The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the … | |||
| CVE-2017-11705 | medium | 6.5 | 6.5 | 9y ago | A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-11704 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-11703 | medium | 6.5 | 6.5 | 9y ago | A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9412 | medium | 5.5 | 6.5 | 9y ago | The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | |||
| CVE-2017-9260 | medium | 5.5 | 6.5 | 9y ago | The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application c… | |||
| CVE-2017-9259 | medium | 5.5 | 6.5 | 9y ago | The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application cra… | |||
| CVE-2017-9258 | medium | 5.5 | 6.5 | 9y ago | The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wa… | |||
| CVE-2017-11683 | medium | 6.5 | 6.5 | 9y ago | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||
| CVE-2017-11644 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. | |||
| CVE-2017-11640 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | |||
| CVE-2017-11639 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in Mag… | |||
| CVE-2017-11613 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not chec… | |||
| CVE-2017-8919 | medium | 6.5 | 6.5 | 9y ago | NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password informat… | |||
| CVE-2017-11457 | medium | 6.5 | 6.5 | 9y ago | XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attac… | |||
| CVE-2017-11327 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/cont… | |||
| CVE-2017-11608 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11605 | medium | 6.5 | 6.5 | 9y ago | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11540 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | |||
| CVE-2017-11539 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | |||
| CVE-2017-11538 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. | |||
| CVE-2017-11537 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel… | |||
| CVE-2017-11536 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. | |||
| CVE-2017-11535 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | |||
| CVE-2017-11534 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. | |||
| CVE-2017-11533 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | |||
| CVE-2017-11532 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | |||
| CVE-2017-11531 | medium | 6.5 | 6.5 | 9y ago | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. | |||
| CVE-2017-11530 | medium | 6.5 | 6.5 | 9y ago | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||
| CVE-2017-11529 | medium | 6.5 | 6.5 | 9y ago | The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. |