Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-22 CVE-2017-7225 NULL Pointer Dereference vulnerability in GNU Binutils 2.28
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
network
low complexity
gnu CWE-476
7.5
7.5
2017-03-22 CVE-2017-7224 Out-of-bounds Write vulnerability in GNU Binutils 2.28
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
local
low complexity
gnu CWE-787
5.5
5.5
2017-03-22 CVE-2017-7223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
network
low complexity
gnu CWE-119
7.5
7.5
2017-03-22 CVE-2017-6971 Injection vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.
network
low complexity
alienvault nfsen CWE-74
8.8
8.8
2017-03-22 CVE-2017-6970 OS Command Injection vulnerability in multiple products
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.
local
low complexity
alienvault nfsen CWE-78
8.4
8.4
2017-03-22 CVE-2014-9840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
local
low complexity
imagemagick CWE-119
5.5
5.5
2017-03-22 CVE-2014-9839 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access).
network
low complexity
imagemagick CWE-119
7.5
7.5
2017-03-22 CVE-2014-9838 Unspecified vulnerability in Imagemagick 6.8.99
magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash).
local
low complexity
imagemagick
5.5
5.5
2017-03-22 CVE-2014-9836 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
local
low complexity
imagemagick CWE-119
5.5
5.5
2017-03-22 CVE-2014-9835 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Imagemagick 6.8.99
Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file.
local
low complexity
imagemagick CWE-119
7.8
7.8