| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15976 | Cri | 0.74 | 9.8 | 0.93 | Jan 6, 2020 | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information… | ||
| CVE-2019-15975 | Cri | 0.74 | 9.8 | 0.86 | Jan 6, 2020 | Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information… | ||
| CVE-2019-19628 | Cri | 0.64 | 9.8 | 0.04 | Jan 5, 2020 | In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. | ||
| CVE-2020-5499 | Cri | 0.64 | 9.8 | 0.03 | Jan 4, 2020 | Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. | ||
| CVE-2014-8516 | Cri | 0.73 | 9.8 | 0.82 | Jan 3, 2020 | Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||
| CVE-2014-8337 | Cri | 0.64 | 9.8 | 0.05 | Jan 3, 2020 | Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the… | ||
| CVE-2012-5878 | Cri | 0.67 | 9.8 | 0.09 | Jan 3, 2020 | Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to… | ||
| CVE-2019-11994 | Cri | 0.64 | 9.8 | 0.07 | Jan 3, 2020 | A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell… | ||
| CVE-2019-19088 | Cri | 0.64 | 9.8 | 0.02 | Jan 3, 2020 | Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | ||
| CVE-2019-20330 | — | Cri | 0.57 | 9.8 | 0.09 | Jan 3, 2020 | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | |
| CVE-2020-5312 | — | Cri | 0.57 | 9.8 | 0.04 | Jan 3, 2020 | libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |
| CVE-2020-5311 | — | Cri | 0.57 | 9.8 | 0.04 | Jan 3, 2020 | libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | |
| CVE-2016-1000027 | — | Cri | 0.59 | 9.8 | 0.32 | Jan 2, 2020 | Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.… | |
| CVE-2014-0011 | Cri | 0.57 | 9.8 | 0.02 | Jan 2, 2020 | Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen… | ||
| CVE-2013-3941 | Cri | 0.64 | 9.8 | 0.03 | Jan 2, 2020 | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer… | ||
| CVE-2014-0048 | Cri | 0.64 | 9.8 | 0.07 | Jan 2, 2020 | An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | ||
| CVE-2019-14859 | — | Cri | 0.52 | 9.1 | 0.02 | Jan 2, 2020 | A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could… | |
| CVE-2019-10158 | — | Cri | 0.57 | 9.8 | 0.02 | Jan 2, 2020 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling. | |
| CVE-2013-7070 | Cri | 0.57 | 9.8 | 0.04 | Dec 31, 2019 | The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI. | ||
| CVE-2004-2776 | Cri | 0.64 | 9.8 | 0.04 | Dec 31, 2019 | go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter. | ||
| CVE-2019-3984 | Cri | 0.64 | 9.8 | 0.04 | Dec 31, 2019 | Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet. | ||
| CVE-2019-7162 | Cri | 0.59 | 9.1 | 0.04 | Dec 31, 2019 | An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation. | ||
| CVE-2019-7478 | Cri | 0.64 | 9.8 | 0.01 | Dec 31, 2019 | A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1. | ||
| CVE-2019-13445 | Cri | 0.00 | 9.8 | 0.02 | Dec 30, 2019 | An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line. | ||
| CVE-2019-19735 | Cri | 0.59 | 9.1 | 0.01 | Dec 30, 2019 | class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing. | ||
| CVE-2019-17621 | Cri | 0.86 | 9.8 | 0.90 | KEV | Dec 30, 2019 | The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | |
| CVE-2019-10774 | — | Cri | 0.57 | 9.8 | 0.05 | Dec 30, 2019 | php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2019-16535 | Cri | 0.64 | 9.8 | 0.02 | Dec 30, 2019 | In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | ||
| CVE-2014-5289 | Cri | 0.68 | 9.8 | 0.12 | Dec 27, 2019 | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | ||
| CVE-2019-20049 | Cri | 0.65 | 9.8 | 0.13 | Dec 27, 2019 | An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the… | ||
| CVE-2013-5027 | Cri | 0.57 | 9.8 | 0.01 | Dec 27, 2019 | Collabtive 1.0 has incorrect access control | ||
| CVE-2007-0158 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2019 | thttpd 2007 has buffer underflow. | ||
| CVE-2013-4982 | Cri | 0.68 | 9.8 | 0.13 | Dec 27, 2019 | AVTECH AVN801 DVR has a security bypass via the administration login captcha | ||
| CVE-2013-4976 | Cri | 0.70 | 9.8 | 0.36 | Dec 27, 2019 | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | ||
| CVE-2013-4743 | Cri | 0.67 | 9.8 | 0.08 | Dec 27, 2019 | Static HTTP Server 1.0 has a Local Overflow | ||
| CVE-2013-4621 | Cri | 0.64 | 9.8 | 0.02 | Dec 27, 2019 | Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | ||
| CVE-2019-19781 | Cri | 0.93 | 9.8 | 1.00 | KEV | Dec 27, 2019 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | |
| CVE-2019-20041 | Cri | 0.00 | 9.8 | 0.05 | Dec 27, 2019 | wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | ||
| CVE-2013-3088 | Cri | 0.64 | 9.8 | 0.02 | Dec 26, 2019 | Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | ||
| CVE-2013-3085 | Cri | 0.64 | 9.8 | 0.02 | Dec 26, 2019 | An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | ||
| CVE-2019-19398 | Cri | 0.64 | 9.8 | 0.01 | Dec 26, 2019 | M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may… | ||
| CVE-2019-16327 | Cri | 0.64 | 9.8 | 0.02 | Dec 26, 2019 | D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | ||
| CVE-2019-19977 | Cri | 0.64 | 9.8 | 0.03 | Dec 26, 2019 | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | ||
| CVE-2019-10758 | — | Cri | 0.12 | 9.9 | 0.85 | KEV | Dec 24, 2019 | mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. |
| CVE-2019-19953 | Cri | 0.59 | 9.1 | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. | ||
| CVE-2019-19952 | Cri | 0.64 | 9.8 | 0.02 | Dec 24, 2019 | In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage. | ||
| CVE-2019-19951 | Cri | 0.64 | 9.8 | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. | ||
| CVE-2019-19950 | Cri | 0.64 | 9.8 | 0.03 | Dec 24, 2019 | In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | ||
| CVE-2019-19949 | Cri | 0.59 | 9.1 | 0.03 | Dec 24, 2019 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | ||
| CVE-2019-19948 | Cri | 0.64 | 9.8 | 0.04 | Dec 24, 2019 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. |
- risk 0.74cvss 9.8epss 0.93
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information…
- risk 0.74cvss 9.8epss 0.86
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information…
- risk 0.64cvss 9.8epss 0.04
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
- risk 0.64cvss 9.8epss 0.03
Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.
- risk 0.73cvss 9.8epss 0.82
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
- risk 0.64cvss 9.8epss 0.05
Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the…
- risk 0.67cvss 9.8epss 0.09
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to…
- risk 0.64cvss 9.8epss 0.07
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell…
- risk 0.64cvss 9.8epss 0.02
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal.
- risk 0.57cvss 9.8epss 0.09
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
- risk 0.57cvss 9.8epss 0.04
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
- risk 0.57cvss 9.8epss 0.04
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
- risk 0.59cvss 9.8epss 0.32
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.…
- risk 0.57cvss 9.8epss 0.02
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen…
- risk 0.64cvss 9.8epss 0.03
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer…
- risk 0.64cvss 9.8epss 0.07
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
- risk 0.52cvss 9.1epss 0.02
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could…
- risk 0.57cvss 9.8epss 0.02
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
- risk 0.57cvss 9.8epss 0.04
The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI.
- risk 0.64cvss 9.8epss 0.04
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
- risk 0.64cvss 9.8epss 0.04
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when the device retrieves updates scripts from the internet.
- risk 0.59cvss 9.1epss 0.04
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
- risk 0.64cvss 9.8epss 0.01
A vulnerability in GMS allow unauthenticated user to SQL injection in Webservice module. This vulnerability affected GMS versions GMS 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1.
- risk 0.00cvss 9.8epss 0.02
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.
- risk 0.59cvss 9.1epss 0.01
class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.
- risk 0.86cvss 9.8epss 0.90
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
- risk 0.57cvss 9.8epss 0.05
php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
- risk 0.68cvss 9.8epss 0.12
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
- risk 0.65cvss 9.8epss 0.13
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the…
- risk 0.57cvss 9.8epss 0.01
Collabtive 1.0 has incorrect access control
- risk 0.64cvss 9.8epss 0.01
thttpd 2007 has buffer underflow.
- risk 0.68cvss 9.8epss 0.13
AVTECH AVN801 DVR has a security bypass via the administration login captcha
- risk 0.70cvss 9.8epss 0.36
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
- risk 0.67cvss 9.8epss 0.08
Static HTTP Server 1.0 has a Local Overflow
- risk 0.64cvss 9.8epss 0.02
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
- risk 0.93cvss 9.8epss 1.00
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
- risk 0.00cvss 9.8epss 0.05
wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring.
- risk 0.64cvss 9.8epss 0.02
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
- risk 0.64cvss 9.8epss 0.02
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2.
- risk 0.64cvss 9.8epss 0.01
M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may…
- risk 0.64cvss 9.8epss 0.02
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product.
- risk 0.64cvss 9.8epss 0.03
libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.
- risk 0.12cvss 9.9epss 0.85
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
- risk 0.59cvss 9.1epss 0.03
In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c.
- risk 0.64cvss 9.8epss 0.02
In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function MngInfoDiscardObject of coders/png.c, related to ReadOneMNGImage.
- risk 0.64cvss 9.8epss 0.03
In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c.
- risk 0.64cvss 9.8epss 0.03
In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c.
- risk 0.59cvss 9.1epss 0.03
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.
- risk 0.64cvss 9.8epss 0.04
In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.