IDCVSSSummaryLast (major) updatePublished
CVE-2017-13134 None
In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.
22-08-2017 - 23:29 22-08-2017 - 23:29
CVE-2017-13133 None
In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.
22-08-2017 - 23:29 22-08-2017 - 23:29
CVE-2017-13132 None
In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream
22-08-2017 - 23:29 22-08-2017 - 23:29
CVE-2017-13131 None
In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.
22-08-2017 - 23:29 22-08-2017 - 23:29
CVE-2017-13130 None
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
22-08-2017 - 20:29 22-08-2017 - 20:29
CVE-2017-1422 None
IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412.
22-08-2017 - 15:29 22-08-2017 - 15:29
CVE-2017-5208 None
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of executi
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2016-6311 None
Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2016-6310 None
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2016-4460 None
Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2016-2102 None
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2015-6473 None
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2015-6472 None
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2015-5258 None
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
22-08-2017 - 14:29 22-08-2017 - 14:29
CVE-2017-12787 None
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug
22-08-2017 - 13:29 22-08-2017 - 13:29
CVE-2017-12786 None
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug wh
22-08-2017 - 13:29 22-08-2017 - 13:29
CVE-2017-12785 None
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role)
22-08-2017 - 13:29 22-08-2017 - 13:29
CVE-2015-3617 None
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2015-2857 None
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2014-6189 None
Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web sc
22-08-2017 - 11:29 22-08-2017 - 11:29
CVE-2017-7557 None
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
22-08-2017 - 10:29 22-08-2017 - 10:29
CVE-2017-12843 None
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
22-08-2017 - 10:29 22-08-2017 - 10:29
CVE-2017-13066 4.3
GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13065 4.3
GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13064 4.3
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13063 4.3
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13062 4.3
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13061 4.3
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13060 4.3
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13059 4.3
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-13058 4.3
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
22-08-2017 - 02:29 22-08-2017 - 02:29
CVE-2017-8037 None
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgra
21-08-2017 - 18:29 21-08-2017 - 18:29
CVE-2017-6329 None
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending
21-08-2017 - 16:29 21-08-2017 - 16:29
CVE-2017-7424 None
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-7423 None
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge request
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-7422 None
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-7421 None
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-7420 None
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows rem
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-5187 None
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Ho
21-08-2017 - 11:29 21-08-2017 - 11:29
CVE-2017-12984 None
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12983 None
Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12982 None
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12981 None
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12980 None
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. Th
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12979 None
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12978 3.5
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12784 None
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many
21-08-2017 - 03:29 21-08-2017 - 03:29
CVE-2017-12977 None
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is e
20-08-2017 - 21:29 20-08-2017 - 21:29
CVE-2017-11366 None
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
20-08-2017 - 21:29 20-08-2017 - 21:29
CVE-2017-12976 None
git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-20
20-08-2017 - 16:29 20-08-2017 - 16:29
Back to Top Mark selected
Back to Top