CVEs from 2017
Total
11,679
critical
critical 1,647
high
high 5,041
medium
medium 4,168
low
low 159
% Critical
14.1%
% with KEV
0.7%
% with exploit
9.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9499 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9461 | medium | 6.5 | 6.5 | 9y ago | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling sym… | |||
| CVE-2017-9440 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9439 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9416 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | |||
| CVE-2017-9409 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9408 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9407 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9406 | medium | 6.5 | 6.5 | 9y ago | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9405 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9404 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-9403 | medium | 6.5 | 6.5 | 9y ago | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | |||
| CVE-2017-0896 | medium | 6.5 | 6.5 | 9y ago | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite ot… | |||
| CVE-2017-9378 | medium | 6.5 | 6.5 | 9y ago | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have… | |||
| CVE-2017-7999 | medium | 6.5 | 6.5 | 9y ago | Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | |||
| CVE-2017-9307 | medium | 6.5 | 6.5 | 9y ago | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | |||
| CVE-2017-8782 | medium | 6.5 | 6.5 | 9y ago | The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This … | |||
| CVE-2017-2308 | medium | 6.5 | 6.5 | 9y ago | An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device. | |||
| CVE-2017-9295 | medium | 6.5 | 6.5 | 9y ago | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | |||
| CVE-2017-9287 | medium | 6.5 | 6.5 | 9y ago | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged … | |||
| CVE-2017-9263 | medium | 6.5 | 6.5 | 9y ago | In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` i… | |||
| CVE-2017-9262 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-9261 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8537 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8536 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-8535 | medium | 5.5 | 6.5 | 9y ago | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2017-9239 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage wi… | |||
| CVE-2017-9216 | medium | 6.5 | 6.5 | 9y ago | libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will c… | |||
| CVE-2017-9207 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |||
| CVE-2017-9206 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image,… | |||
| CVE-2017-9205 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |||
| CVE-2017-9204 | medium | 6.5 | 6.5 | 9y ago | The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, relat… | |||
| CVE-2017-9203 | medium | 6.5 | 6.5 | 9y ago | imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. | |||
| CVE-2017-9202 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |||
| CVE-2017-9201 | medium | 6.5 | 6.5 | 9y ago | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |||
| CVE-2017-8379 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generati… | |||
| CVE-2017-9150 | medium | 5.5 | 6.5 | 9y ago | The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which all… | |||
| CVE-2017-9144 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |||
| CVE-2017-9143 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | |||
| CVE-2017-9142 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||
| CVE-2017-9141 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function … | |||
| CVE-2017-6982 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2017-2511 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web s… | |||
| CVE-2017-2509 | medium | 5.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a c… | |||
| CVE-2017-2495 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a de… | |||
| CVE-2017-6637 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |||
| CVE-2017-6636 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. T… | |||
| CVE-2017-6635 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected syste… | |||
| CVE-2017-9116 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | |||
| CVE-2017-9114 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | |||
| CVE-2017-9112 | medium | 6.5 | 6.5 | 9y ago | OpenEXR invalid read | |||
| CVE-2017-9110 | medium | 6.5 | 6.5 | 9y ago | In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | |||
| CVE-2017-9094 | medium | 6.5 | 6.5 | 9y ago | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||
| CVE-2017-9093 | medium | 6.5 | 6.5 | 9y ago | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||
| CVE-2017-9083 | medium | 6.5 | 6.5 | 9y ago | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation … | |||
| CVE-2017-7433 | medium | 6.5 | 6.5 | 9y ago | An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr… | |||
| CVE-2017-4012 | medium | 6.5 | 6.5 | 9y ago | Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP re… | |||
| CVE-2017-9025 | medium | 6.5 | 6.5 | 9y ago | Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HT… | |||
| CVE-2017-7479 | medium | 6.5 | 6.5 | 9y ago | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |||
| CVE-2017-5655 | medium | 6.5 | 6.5 | 9y ago | In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the ho… | |||
| CVE-2017-0064 | medium | 6.5 | 6.5 | 9y ago | A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | |||
| CVE-2017-7472 | medium | 5.5 | 6.5 | 9y ago | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring cal… | |||
| CVE-2017-6865 | medium | 6.5 | 6.5 | 9y ago | A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS… | |||
| CVE-2017-2681 | medium | 6.5 | 6.5 | 9y ago | Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to re… | |||
| CVE-2017-2680 | medium | 6.5 | 6.5 | 9y ago | Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the sys… | |||
| CVE-2017-8878 | medium | 6.5 | 6.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | |||
| CVE-2017-8877 | medium | 6.5 | 6.5 | 9y ago | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||
| CVE-2017-8875 | medium | 6.5 | 6.5 | 9y ago | CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | |||
| CVE-2017-5527 | medium | 6.5 | 6.5 | 9y ago | TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier cont… | |||
| CVE-2017-8848 | medium | 6.5 | 6.5 | 9y ago | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | |||
| CVE-2017-8830 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8765 | medium | 6.5 | 6.5 | 9y ago | The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. | |||
| CVE-2017-8458 | medium | 6.5 | 6.5 | 9y ago | Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.exampl… | |||
| CVE-2017-7216 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. | |||
| CVE-2017-8112 | medium | 6.5 | 6.5 | 9y ago | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | |||
| CVE-2017-8086 | medium | 6.5 | 6.5 | 9y ago | Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors inv… | |||
| CVE-2017-7440 | medium | 6.5 | 6.5 | 9y ago | Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjackin… | |||
| CVE-2017-8401 | medium | 6.5 | 6.5 | 9y ago | In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attacke… | |||
| CVE-2017-6564 | medium | 6.5 | 6.5 | 9y ago | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This … | |||
| CVE-2017-8365 | medium | 6.5 | 6.5 | 9y ago | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8363 | medium | 6.5 | 6.5 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | |||
| CVE-2017-8362 | medium | 6.5 | 6.5 | 9y ago | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | |||
| CVE-2017-8357 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8356 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8355 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8354 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8353 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8352 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8351 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8350 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8349 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8348 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8347 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8346 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8345 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8344 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8343 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | |||
| CVE-2017-8327 | medium | 6.5 | 6.5 | 9y ago | The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image. | |||
| CVE-2017-7644 | medium | 6.5 | 6.5 | 9y ago | The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging inco… | |||
| CVE-2017-2098 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |