Search Results (6762 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12433 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
CVE-2017-12429 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
CVE-2017-12427 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
CVE-2017-12418 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.
CVE-2017-11310 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
CVE-2017-13648 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
CVE-2017-13069 1 Qnap 1 Music Station 2025-04-20 N/A
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
CVE-2017-13062 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
CVE-2017-14930 1 Gnu 1 Binutils 2025-04-20 N/A
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVE-2017-14343 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2025-04-20 N/A
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-13058 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-10347 4 Debian, Netapp, Oracle and 1 more 33 Debian Linux, Active Iq Unified Manager, Cloud Backup and 30 more 2025-04-20 5.3 Medium
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2017-10348 4 Debian, Netapp, Oracle and 1 more 33 Debian Linux, Active Iq Unified Manager, Cloud Backup and 30 more 2025-04-20 5.3 Medium
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2017-10349 4 Debian, Netapp, Oracle and 1 more 33 Debian Linux, Active Iq Unified Manager, Cloud Backup and 30 more 2025-04-20 5.3 Medium
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2017-11752 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2016-10098 1 Sendquick 4 Avera Sms Gateway, Avera Sms Gateway Firmware, Entera Sms Gateway and 1 more 2025-04-20 N/A
An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands.
CVE-2017-10350 4 Debian, Netapp, Oracle and 1 more 33 Debian Linux, Active Iq Unified Manager, Cloud Backup and 30 more 2025-04-20 5.3 Medium
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2017-5507 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 7.5 High
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache.
CVE-2014-9118 1 Dasanzhone 2 Znid 2426a, Znid 2426a Firmware 2025-04-20 N/A
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
CVE-2016-9683 1 Dell 1 Sonicwall Secure Remote Access Server 2025-04-20 N/A
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.