CVEs from 2017
Total
11,796
critical
critical 1,647
high
high 5,043
medium
medium 4,165
low
low 159
% Critical
14.0%
% with KEV
0.7%
% with exploit
0.8%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-13063 | medium | 6.5 | 6.5 | 9y ago | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | |
| CVE-2017-13062 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via … | |
| CVE-2017-13061 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exh… | |
| CVE-2017-13060 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-13059 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) … | |
| CVE-2017-13058 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-7424 | medium | 6.5 | 6.5 | 9y ago | A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote auth… | |
| CVE-2017-12966 | medium | 6.5 | 6.5 | 9y ago | The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. | |
| CVE-2017-12967 | medium | 6.5 | 6.5 | 9y ago | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer… | |
| CVE-2017-12957 | medium | 6.5 | 6.5 | 9y ago | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | |
| CVE-2017-12956 | medium | 6.5 | 6.5 | 9y ago | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | |
| CVE-2017-6778 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnera… | |
| CVE-2017-12445 | medium | 6.5 | 6.5 | 9y ago | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |
| CVE-2017-12444 | medium | 6.5 | 6.5 | 9y ago | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |
| CVE-2017-12443 | medium | 6.5 | 6.5 | 9y ago | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |
| CVE-2017-12442 | medium | 6.5 | 6.5 | 9y ago | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |
| CVE-2017-12441 | medium | 6.5 | 6.5 | 9y ago | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | |
| CVE-2017-11664 | medium | 6.5 | 6.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |
| CVE-2017-11663 | medium | 6.5 | 6.5 | 9y ago | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |
| CVE-2017-12855 | medium | 6.5 | 6.5 | 9y ago | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is fre… | |
| CVE-2017-11149 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary loc… | |
| CVE-2017-3122 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-3118 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious … | |
| CVE-2017-3115 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a P… | |
| CVE-2017-11265 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphi… | |
| CVE-2017-11258 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11255 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11252 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphi… | |
| CVE-2017-11249 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11248 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11246 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11245 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11244 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11243 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine.… | |
| CVE-2017-11242 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11239 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11238 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11236 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal han… | |
| CVE-2017-11233 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11232 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanc… | |
| CVE-2017-11230 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 en… | |
| CVE-2017-11217 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conver… | |
| CVE-2017-11210 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing… | |
| CVE-2017-11209 | medium | 6.5 | 6.5 | 9y ago | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when re… | |
| CVE-2017-11148 | medium | 6.5 | 6.5 | 9y ago | Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | |
| CVE-2017-11368 | medium | 6.5 | 6.5 | 9y ago | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |
| CVE-2017-8652 | medium | 6.5 | 6.5 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |
| CVE-2017-0174 | medium | 6.5 | 6.5 | 9y ago | Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a… | |
| CVE-2017-3634 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnera… | |
| CVE-2017-3633 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit… | |
| CVE-2017-3562 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Eas… | |
| CVE-2017-10243 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:… | |
| CVE-2017-10216 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Hospitality Property Interfaces component of Oracle Hospitality Applications (subcomponent: Parser). The supported version that is affected is 8.10.x. Easily exploitable vulnerab… | |
| CVE-2017-10212 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). The supported version that is affected is 8.10.x. Easily exploitable vulnerability all… | |
| CVE-2017-10183 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, … | |
| CVE-2017-10179 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.… | |
| CVE-2017-10157 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2… | |
| CVE-2017-10131 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 1… | |
| CVE-2017-10103 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |
| CVE-2017-10084 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 1… | |
| CVE-2017-10047 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows … | |
| CVE-2017-10038 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2,… | |
| CVE-2017-10023 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1… | |
| CVE-2017-10006 | medium | 6.5 | 6.5 | 9y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an… | |
| CVE-2017-6872 | medium | 6.5 | 6.5 | 9y ago | A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored… | |
| CVE-2017-6866 | medium | 6.5 | 6.5 | 9y ago | A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the … | |
| CVE-2017-12676 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12675 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to c… | |
| CVE-2017-12674 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12673 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12672 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12671 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause … | |
| CVE-2017-12670 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of s… | |
| CVE-2017-12654 | medium | 6.5 | 6.5 | 9y ago | The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. | |
| CVE-2017-12643 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. | |
| CVE-2017-7916 | medium | 6.5 | 6.5 | 9y ago | A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web a… | |
| CVE-2017-6759 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnera… | |
| CVE-2017-6758 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root dir… | |
| CVE-2017-6754 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, … | |
| CVE-2017-6665 | medium | 6.5 | 6.5 | 9y ago | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an … | |
| CVE-2017-12586 | medium | 6.5 | 6.5 | 9y ago | SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users. | |
| CVE-2017-12566 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage i… | |
| CVE-2017-12565 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12564 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12563 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12434 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyIm… | |
| CVE-2017-12433 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memor… | |
| CVE-2017-12432 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12431 | medium | 6.5 | 6.5 | 9y ago | In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12427 | medium | 6.5 | 6.5 | 9y ago | The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to th… | |
| CVE-2017-1504 | medium | 6.5 | 6.5 | 9y ago | IBM WebSphere Application Server version 9.0.0.4 could provide weaker than expected security after using the PasswordUtil command to enable AES password encryption. IBM X-Force ID: 129579. | |
| CVE-2017-7890 | medium | 6.5 | 6.5 | 9y ago | The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A… | |
| CVE-2017-11437 | medium | 6.5 | 6.5 | 9y ago | GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read reposi… | |
| CVE-2017-11356 | medium | 6.5 | 6.5 | 9y ago | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by lever… | |
| CVE-2017-12145 | medium | 6.5 | 6.5 | 9y ago | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-12143 | medium | 6.5 | 6.5 | 9y ago | In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-12140 | medium | 6.5 | 6.5 | 9y ago | The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. | |
| CVE-2017-4922 | medium | 6.5 | 6.5 | 9y ago | VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. … | |
| CVE-2017-11136 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of mes… | |
| CVE-2017-11134 | medium | 6.5 | 6.5 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them. |