Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-18 CVE-2016-7996 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GraphicsMagick
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
network
low complexity
graphicsmagick CWE-119
critical
9.8
2017-01-18 CVE-2016-7982 Path Traversal vulnerability in SPIP
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
network
low complexity
spip CWE-22
7.5
2017-01-18 CVE-2016-7981 Cross-site Scripting vulnerability in SPIP
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
network
low complexity
spip CWE-79
6.1
2017-01-18 CVE-2016-7980 Cross-Site Request Forgery (CSRF) vulnerability in SPIP
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.
network
low complexity
spip CWE-352
8.8
2017-01-18 CVE-2016-7906 Use After Free vulnerability in multiple products
magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file.
local
low complexity
imagemagick debian CWE-416
5.5
2017-01-18 CVE-2016-7799 Out-of-bounds Read vulnerability in multiple products
MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
network
low complexity
imagemagick debian CWE-125
6.5
2017-01-18 CVE-2016-7564 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex MuJS
Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.
network
low complexity
artifex CWE-119
7.5
2017-01-18 CVE-2016-7563 Out-of-bounds Read vulnerability in Artifex MuJS
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.
network
low complexity
artifex CWE-125
7.5
2017-01-18 CVE-2016-7150 Cross-site Scripting vulnerability in b2evolution
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
network
low complexity
b2evolution CWE-79
5.4
2017-01-18 CVE-2016-7149 Cross-site Scripting vulnerability in b2evolution
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
network
low complexity
b2evolution CWE-79
6.1