Skip to main content
CVE-2017-12642 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-6756 HIGH This Week

A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Prime Collaboration Provisioning
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-12669 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12668 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12667 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-12641 HIGH PATCH This Week

ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12662 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12665 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12664 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12663 HIGH PATCH This Week

ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2017-12651 HIGH This Week

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF PHP Loginizer
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-6419 HIGH PATCH This Week

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libmspack
NVD GitHub
CVSS 3.0
7.8
EPSS
2.3%
CVE-2015-7887 HIGH PATCH This Week

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Snapcenter Server
NVD
CVSS 3.0
8.1
EPSS
0.1%
CVE-2014-1235 HIGH PATCH This Week

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Graphviz
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2017-6763 HIGH This Week

A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2017-7920 HIGH This Week

An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Vsn300 Firmware Vsn300 For React Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-9801 HIGH PATCH This Week

When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Commons Email
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2014-3462 HIGH This Week

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Encfs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2017-6752 HIGH This Week

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Software
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2016-6220 HIGH PATCH This Week

Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-6745 HIGH This Week

A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Videoscape Distribution Suite For Television
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2015-1378 HIGH This Week

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian Privilege Escalation Grml Debootstrap Bootstrap
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-6664 HIGH This Week

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Ios Xe
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-7875 HIGH This Week

ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ctools
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-6766 HIGH This Week

A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firesight System Software
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-7850 MEDIUM PATCH This Month

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ntp Debian Linux Oncommand Balance Oncommand Performance Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2016-3113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ovirt Engine
NVD
CVSS 3.1
6.1
EPSS
4.0%
CVE-2015-7702 MEDIUM This Month

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ntp Linux Debian Linux Oncommand Performance Manager +9
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2017-6758 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Unified Communications Manager
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2017-12643 MEDIUM PATCH This Month

ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2017-9647 MEDIUM This Month

A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow S Gold 2 Pmb 8876
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-12670 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-7916 MEDIUM This Month

A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb Privilege Escalation Vsn300 Firmware Vsn300 For React Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-6759 MEDIUM This Month

A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-6754 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Smart Net Total Care Collector Appliance
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12674 MEDIUM PATCH This Month

In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-12675 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12672 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12671 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12654 MEDIUM PATCH This Month

The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6866 MEDIUM This Month

A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Authentication Bypass Xhq Server
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-12676 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-12673 MEDIUM PATCH This Month

In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6665 MEDIUM This Month

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure iOS Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2015-7852 MEDIUM PATCH This Month

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Ntp Debian Linux Oncommand Balance Oncommand Performance Manager +10
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2017-7936 MEDIUM This Month

A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Stack Overflow Vybrid Mvf30Nn151Cku26 Firmware Vybrid Mvf30Ns151Cku26 Firmware Vybrid Mvf50Nn151Cmk40 Firmware +24
NVD
CVSS 3.0
6.3
EPSS
0.2%
CVE-2017-12649 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12648 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12647 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-12646 MEDIUM PATCH This Month

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Liferay Portal
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy