| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9389 | Hig | 0.49 | 7.5 | 0.04 | Mar 23, 2017 | The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). | ||
| CVE-2016-9387 | Hig | 0.51 | 7.8 | 0.02 | Mar 23, 2017 | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. | ||
| CVE-2016-9276 | Hig | 0.49 | 7.5 | 0.04 | Mar 23, 2017 | The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | ||
| CVE-2016-9275 | Hig | 0.49 | 7.5 | 0.04 | Mar 23, 2017 | Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | ||
| CVE-2016-8886 | Hig | 0.51 | 7.8 | 0.02 | Mar 23, 2017 | The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. | ||
| CVE-2016-10059 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. | ||
| CVE-2016-10057 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10056 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10055 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10054 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10052 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10051 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10050 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | ||
| CVE-2016-10049 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | ||
| CVE-2016-10048 | Hig | 0.42 | 7.5 | 0.07 | Mar 23, 2017 | Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. | ||
| CVE-2017-7199 | Hig | 0.51 | 7.8 | 0.00 | Mar 23, 2017 | Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. | ||
| CVE-2017-6191 | Hig | 0.54 | 7.8 | 0.07 | Mar 23, 2017 | Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. | ||
| CVE-2017-5227 | Hig | 0.52 | 7.5 | 0.06 | Mar 23, 2017 | QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. | ||
| CVE-2017-5207 | Hig | 0.51 | 7.8 | 0.00 | Mar 23, 2017 | Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. | ||
| CVE-2016-9775 | Hig | 0.51 | 7.8 | 0.01 | Mar 23, 2017 | The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before… | ||
| CVE-2016-9774 | Hig | 0.51 | 7.8 | 0.01 | Mar 23, 2017 | The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before… | ||
| CVE-2016-9167 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2017 | NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | ||
| CVE-2016-5758 | Hig | 0.57 | 8.8 | 0.01 | Mar 23, 2017 | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | ||
| CVE-2016-5754 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2017 | Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. | ||
| CVE-2016-5752 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2017 | The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester. | ||
| CVE-2016-5750 | Hig | 0.57 | 8.8 | 0.01 | Mar 23, 2017 | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | ||
| CVE-2016-5747 | Hig | 0.49 | 7.5 | 0.02 | Mar 23, 2017 | A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | ||
| CVE-2016-1602 | Hig | 0.51 | 7.8 | 0.01 | Mar 23, 2017 | A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | ||
| CVE-2016-1597 | Hig | 0.57 | 8.8 | 0.01 | Mar 23, 2017 | A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | ||
| CVE-2017-7235 | Hig | 0.57 | 8.8 | 0.02 | Mar 23, 2017 | An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. | ||
| CVE-2017-3864 | Hig | 0.56 | 8.6 | 0.03 | Mar 22, 2017 | A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a… | ||
| CVE-2017-3859 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when… | ||
| CVE-2017-3858 | Hig | 0.57 | 8.8 | 0.03 | Mar 22, 2017 | A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An… | ||
| CVE-2017-3857 | Hig | 0.49 | 7.5 | 0.03 | Mar 22, 2017 | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to… | ||
| CVE-2017-3856 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is… | ||
| CVE-2017-3852 | Hig | 0.53 | 8.1 | 0.03 | Mar 22, 2017 | A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due… | ||
| CVE-2017-3851 | Hig | 0.49 | 7.5 | 0.05 | Mar 22, 2017 | A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the… | ||
| CVE-2017-7231 | Hig | 0.51 | 7.8 | 0.01 | Mar 22, 2017 | pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file. | ||
| CVE-2017-7227 | Hig | 0.49 | 7.5 | 0.03 | Mar 22, 2017 | GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l. | ||
| CVE-2017-7225 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. | ||
| CVE-2017-7223 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. | ||
| CVE-2017-6971 | Hig | 0.61 | 8.8 | 0.16 | Mar 22, 2017 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. | ||
| CVE-2017-6970 | Hig | 0.58 | 8.4 | 0.02 | Mar 22, 2017 | AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. | ||
| CVE-2014-9839 | Hig | 0.49 | 7.5 | 0.02 | Mar 22, 2017 | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | ||
| CVE-2014-9835 | Hig | 0.51 | 7.8 | 0.01 | Mar 22, 2017 | Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | ||
| CVE-2014-9834 | Hig | 0.51 | 7.8 | 0.01 | Mar 22, 2017 | Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | ||
| CVE-2014-9833 | Hig | 0.51 | 7.8 | 0.01 | Mar 22, 2017 | Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | ||
| CVE-2014-9832 | Hig | 0.51 | 7.8 | 0.01 | Mar 22, 2017 | Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. | ||
| CVE-2017-5874 | Hig | 0.57 | 8.8 | 0.01 | Mar 22, 2017 | CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. | ||
| CVE-2017-3849 | Hig | 0.48 | 7.4 | 0.01 | Mar 21, 2017 | A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service… |
- risk 0.49cvss 7.5epss 0.04
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
- risk 0.51cvss 7.8epss 0.02
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.
- risk 0.49cvss 7.5epss 0.04
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
- risk 0.49cvss 7.5epss 0.04
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
- risk 0.51cvss 7.8epss 0.02
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
- risk 0.42cvss 7.5epss 0.07
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue.
- risk 0.54cvss 7.8epss 0.07
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
- risk 0.52cvss 7.5epss 0.06
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
- risk 0.51cvss 7.8epss 0.00
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
- risk 0.51cvss 7.8epss 0.01
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before…
- risk 0.51cvss 7.8epss 0.01
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before…
- risk 0.49cvss 7.5epss 0.01
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL.
- risk 0.57cvss 8.8epss 0.01
A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load.
- risk 0.49cvss 7.5epss 0.01
Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.
- risk 0.49cvss 7.5epss 0.01
The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious "Assertion Consumer Service URL" instead of the original requester.
- risk 0.57cvss 8.8epss 0.01
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users.
- risk 0.49cvss 7.5epss 0.02
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.
- risk 0.51cvss 7.8epss 0.01
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
- risk 0.57cvss 8.8epss 0.01
A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
- risk 0.56cvss 8.6epss 0.03
A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when…
- risk 0.57cvss 8.8epss 0.03
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is…
- risk 0.53cvss 8.1epss 0.03
A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due…
- risk 0.49cvss 7.5epss 0.05
A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the…
- risk 0.51cvss 7.8epss 0.01
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file.
- risk 0.49cvss 7.5epss 0.03
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
- risk 0.49cvss 7.5epss 0.02
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
- risk 0.49cvss 7.5epss 0.02
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
- risk 0.61cvss 8.8epss 0.16
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
- risk 0.58cvss 8.4epss 0.02
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
- risk 0.49cvss 7.5epss 0.02
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
- risk 0.51cvss 7.8epss 0.01
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
- risk 0.51cvss 7.8epss 0.01
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file.
- risk 0.51cvss 7.8epss 0.01
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
- risk 0.51cvss 7.8epss 0.01
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
- risk 0.57cvss 8.8epss 0.01
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
- risk 0.48cvss 7.4epss 0.01
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service…