Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2017-09-01 CVE-2017-12692 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-09-01 CVE-2017-12691 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
network
low complexity
imagemagick canonical CWE-770
6.5
2017-08-31 CVE-2017-0902 Origin Validation Error vulnerability in multiple products
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
network
high complexity
rubygems debian canonical redhat CWE-346
8.1
2017-08-31 CVE-2017-0901 Improper Input Validation vulnerability in multiple products
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
network
low complexity
rubygems debian canonical redhat CWE-20
7.5
2017-08-31 CVE-2017-14064 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call.
network
low complexity
ruby-lang debian canonical redhat CWE-119
critical
9.8
2017-08-31 CVE-2017-14060 NULL Pointer Dereference vulnerability in multiple products
In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
network
low complexity
imagemagick canonical CWE-476
6.5
2017-08-30 CVE-2017-13769 Out-of-bounds Read vulnerability in multiple products
The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.
network
low complexity
imagemagick canonical debian CWE-125
6.5
2017-08-30 CVE-2017-13768 NULL Pointer Dereference vulnerability in multiple products
Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.
network
low complexity
imagemagick debian canonical CWE-476
6.5
2017-08-28 CVE-2017-12877 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
network
low complexity
imagemagick debian canonical CWE-416
6.5
2017-08-25 CVE-2015-1395 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a ..
network
low complexity
fedoraproject canonical gnu CWE-22
7.5