Skip to main content
CVE-2017-7320 MEDIUM POC This Month

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Denial Of Service PHP Modx Revolution
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2016-7541 MEDIUM This Month

Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2014-9809 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2014-9807 MEDIUM PATCH This Month

The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9813 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9811 MEDIUM PATCH This Month

The xwd file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed xwd file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2014-9818 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9816 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9815 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9814 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9812 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9810 MEDIUM PATCH This Month

The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9808 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9806 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9805 MEDIUM PATCH This Month

ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2017-7346 MEDIUM PATCH This Month

The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-5184 MEDIUM This Month

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sentinel
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-7542 MEDIUM This Month

A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2017-6184 MEDIUM This Month

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sophos Command Injection Web Appliance
NVD
CVSS 3.0
4.7
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy