setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.