Skip to main content
CVE-2016-10504 MEDIUM POC PATCH This Month

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Openjpeg
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
6.1%
CVE-2017-13776 MEDIUM POC PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-14042 MEDIUM POC PATCH This Month

A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Graphicsmagick
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-10506 MEDIUM PATCH This Month

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
4.3%
CVE-2017-13775 MEDIUM PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2017-13777 MEDIUM PATCH This Month

GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2017-13768 MEDIUM PATCH This Month

Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2016-10505 MEDIUM PATCH This Month

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2017-13769 MEDIUM PATCH This Month

The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2016-10507 MEDIUM PATCH This Month

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-9945 MEDIUM This Month

In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Siemens Information Disclosure 7Km Pac Switched Ethernet Profinet Expansion Module Firmware
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-6800 MEDIUM This Month

The default configuration of the Apache OFBiz framework offers a blog functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Ofbiz
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2017-13762 MEDIUM This Month

ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onos
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-1443 MEDIUM PATCH This Month

IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Emptoris Services Procurement
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-13778 MEDIUM PATCH This Month

Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Fiyo Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14037 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14036 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-14038 MEDIUM This Month

CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Crushftp
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-5001 MEDIUM PATCH This Month

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Hadoop
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1441 MEDIUM PATCH This Month

IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Emptoris Services Procurement
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-1446 MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2017-1445 MEDIUM This Month

IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Emptoris Spend Analysis
NVD
CVSS 3.0
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy