CVEs from 2017
- Total: 11,933
- critical: 1,647
- high: 5,043
- medium: 4,165
- low: 159
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-15917 | medium | 6.5 | 6.5 | 9y ago | In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. | |
| CVE-2017-1212 | medium | 6.5 | 6.5 | 9y ago | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. | |
| CVE-2017-15186 | medium | 6.5 | 6.5 | 9y ago | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. | |
| CVE-2017-7106 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It all… | |
| CVE-2017-7085 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address … | |
| CVE-2017-15639 | medium | 6.5 | 6.5 | 9y ago | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | |
| CVE-2017-10427 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.11, 6.5.11, 7.0.6, 7.1.6… | |
| CVE-2017-10421 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |
| CVE-2017-10384 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily expl… | |
| CVE-2017-10379 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Ea… | |
| CVE-2017-10378 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. … | |
| CVE-2017-10344 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Difficult to exploit… | |
| CVE-2017-10343 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Import/Export). Supported versions that are affected are 2.8 and 2.9. Easily exploitable v… | |
| CVE-2017-10316 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable … | |
| CVE-2017-10280 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exp… | |
| CVE-2017-10276 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnera… | |
| CVE-2017-10261 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker … | |
| CVE-2017-10167 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low… | |
| CVE-2017-10152 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable… | |
| CVE-2017-10077 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.… | |
| CVE-2017-15611 | medium | 6.5 | 6.5 | 9y ago | In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges. | |
| CVE-2017-15610 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an att… | |
| CVE-2017-15359 | medium | 6.5 | 6.5 | 9y ago | In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInf… | |
| CVE-2017-15593 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | |
| CVE-2017-15591 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of… | |
| CVE-2017-15589 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a… | |
| CVE-2017-15583 | medium | 6.5 | 6.5 | 9y ago | The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not valida… | |
| CVE-2017-14009 | medium | 6.5 | 6.5 | 9y ago | An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password… | |
| CVE-2017-15277 | medium | 6.5 | 6.5 | 9y ago | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected … | |
| CVE-2017-15232 | medium | 6.5 | 6.5 | 9y ago | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | |
| CVE-2017-1538 | medium | 6.5 | 6.5 | 9y ago | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | |
| CVE-2017-15218 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | |
| CVE-2017-15217 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | |
| CVE-2017-12623 | medium | 6.5 | 6.5 | 9y ago | XML External Entity Reference in Apache NiFi | |
| CVE-2017-14614 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary… | |
| CVE-2017-15084 | medium | 6.5 | 6.5 | 9y ago | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | |
| CVE-2017-12268 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Inter… | |
| CVE-2017-12256 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on… | |
| CVE-2017-1000104 | medium | 6.5 | 6.5 | 9y ago | Improper Privilege Management in Jenkins Config File Provider Plugin | |
| CVE-2017-1000101 | medium | 6.5 | 6.5 | 9y ago | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numeri… | |
| CVE-2017-1000100 | medium | 6.5 | 6.5 | 9y ago | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the b… | |
| CVE-2017-1000099 | medium | 6.5 | 6.5 | 9y ago | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (st… | |
| CVE-2017-1000095 | medium | 6.5 | 6.5 | 9y ago | Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin | |
| CVE-2017-1000094 | medium | 6.5 | 6.5 | 9y ago | Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs | |
| CVE-2017-1000085 | medium | 6.5 | 6.5 | 9y ago | Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability | |
| CVE-2017-1000084 | medium | 6.5 | 6.5 | 9y ago | Parameterized Trigger Plugin fails to check Item/Build permission | |
| CVE-2017-9792 | medium | 6.5 | 6.5 | 9y ago | In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" a… | |
| CVE-2017-14997 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |
| CVE-2017-14994 | medium | 6.5 | 6.5 | 9y ago | ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonN… | |
| CVE-2017-9797 | medium | 6.5 | 6.5 | 9y ago | Apache Geode vulnerable to Exposure of Sensitive Information | |
| CVE-2017-14990 | medium | 6.5 | 6.5 | 9y ago | WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack u… | |
| CVE-2017-14989 | medium | 6.5 | 6.5 | 9y ago | A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from Free… | |
| CVE-2017-14754 | medium | 6.5 | 6.5 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource… | |
| CVE-2017-14941 | medium | 6.5 | 6.5 | 9y ago | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and rea… | |
| CVE-2017-13988 | medium | 6.5 | 6.5 | 9y ago | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of st… | |
| CVE-2017-13987 | medium | 6.5 | 6.5 | 9y ago | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | |
| CVE-2017-13985 | medium | 6.5 | 6.5 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclos… | |
| CVE-2017-13984 | medium | 6.5 | 6.5 | 9y ago | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet di… | |
| CVE-2017-8447 | medium | 6.5 | 6.5 | 9y ago | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete an… | |
| CVE-2017-12222 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition… | |
| CVE-2017-14841 | medium | 6.5 | 6.5 | 9y ago | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | |
| CVE-2017-14741 | medium | 6.5 | 6.5 | 9y ago | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | |
| CVE-2017-7971 | medium | 6.5 | 6.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of out… | |
| CVE-2017-7970 | medium | 6.5 | 6.5 | 9y ago | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to… | |
| CVE-2017-14733 | medium | 6.5 | 6.5 | 9y ago | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and a… | |
| CVE-2017-14731 | medium | 6.5 | 6.5 | 9y ago | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an of… | |
| CVE-2017-1235 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | |
| CVE-2017-14653 | medium | 6.5 | 6.5 | 9y ago | member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | |
| CVE-2017-14684 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagi… | |
| CVE-2017-14645 | medium | 6.5 | 6.5 | 9y ago | A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote d… | |
| CVE-2017-14643 | medium | 6.5 | 6.5 | 9y ago | The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE… | |
| CVE-2017-14642 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPar… | |
| CVE-2017-14641 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which… | |
| CVE-2017-14640 | medium | 6.5 | 6.5 | 9y ago | A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application c… | |
| CVE-2017-14638 | medium | 6.5 | 6.5 | 9y ago | AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash … | |
| CVE-2017-14634 | medium | 6.5 | 6.5 | 9y ago | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | |
| CVE-2017-14633 | medium | 6.5 | 6.5 | 9y ago | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbi… | |
| CVE-2017-6720 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting… | |
| CVE-2017-9645 | medium | 6.5 | 6.5 | 9y ago | An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 a… | |
| CVE-2017-14604 | medium | 6.5 | 6.5 | 9y ago | GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file… | |
| CVE-2017-14533 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | |
| CVE-2017-14531 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | |
| CVE-2017-14528 | medium | 6.5 | 6.5 | 9y ago | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows re… | |
| CVE-2017-14505 | medium | 6.5 | 6.5 | 9y ago | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application cras… | |
| CVE-2017-14504 | medium | 6.5 | 6.5 | 9y ago | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | |
| CVE-2017-14503 | medium | 6.5 | 6.5 | 9y ago | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | |
| CVE-2017-14501 | medium | 6.5 | 6.5 | 9y ago | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_… | |
| CVE-2017-0785 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |
| CVE-2017-0783 | medium | 6.5 | 6.5 | 9y ago | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | |
| CVE-2017-13761 | medium | 6.5 | 6.5 | 9y ago | Fastly Magento2 sensitive information disclosure | |
| CVE-2017-1002100 | medium | 6.5 | 6.5 | 9y ago | Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed witho… | |
| CVE-2017-1556 | medium | 6.5 | 6.5 | 9y ago | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13… | |
| CVE-2017-6330 | medium | 6.5 | 6.5 | 9y ago | Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests. | |
| CVE-2017-14400 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in … | |
| CVE-2017-14343 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | |
| CVE-2017-14342 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | |
| CVE-2017-14341 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. | |
| CVE-2017-1000250 | medium | 6.5 | 6.5 | 9y ago | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd pr… | |
| CVE-2017-14318 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the… | |
| CVE-2017-14326 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | |