Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file.
Published Mar 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted wpg file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
Published Mar 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (application crash) via a crafted viff file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
Published Mar 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
Published Mar 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
Published Mar 20, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.
Published Mar 17, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
Published Mar 27, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability
Published Mar 18, 2016 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file.
Published Mar 22, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
Published Mar 17, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
Published Mar 30, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
Published Mar 30, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.
Published Mar 16, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,".
Published Mar 31, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere 7.8.3 before Hotfix 02 and 7.8.4 before Hotfix 01 allow remote attackers to inject arbitrary web script or HTML via the (1) ReportName (Job Name) parameter to the Explorer report scheduler (cgi-bin/WsCgiExplorerSchedule.exe) in the Job Queue or the col parameter to the (2) Names or (3) Anonymous (explorer_wse/explorer_anon.exe) summary report page.
Published Mar 25, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.
Published Mar 9, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.
Published Mar 31, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
Published Mar 12, 2017 · Updated Aug 6, 2024
Unknown · CVSS Not scored
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Published Mar 30, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
Published Mar 10, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
Published Mar 30, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
Published Mar 2, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.
Published Mar 31, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
Published Mar 9, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.
Published Mar 14, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.
Published Mar 3, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 allow remote attackers to cause a denial of service (device restart) via crafted packets.
Published Mar 7, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php.
Published Mar 23, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
Published Mar 31, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
Published Mar 29, 2015 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version.
Published Mar 25, 2019 · Updated Aug 6, 2024