Vulnerabilities > Debian > Debian Linux > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-22 | CVE-2017-9144 | Improper Input Validation vulnerability in multiple products In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | 4.3 |
2017-05-22 | CVE-2017-9143 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | 4.3 |
2017-05-22 | CVE-2017-9142 | Reachable Assertion vulnerability in multiple products In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | 4.3 |
2017-05-22 | CVE-2017-9141 | Reachable Assertion vulnerability in multiple products In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | 4.3 |
2017-05-19 | CVE-2017-9098 | Use of Uninitialized Resource vulnerability in multiple products ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. | 5.0 |
2017-05-19 | CVE-2017-9079 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. | 4.7 |
2017-05-18 | CVE-2017-9066 | Server-Side Request Forgery (SSRF) vulnerability in Wordpress In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | 5.0 |
2017-05-18 | CVE-2017-9065 | Improper Input Validation vulnerability in Wordpress In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | 5.0 |
2017-05-18 | CVE-2017-9064 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | 6.8 |
2017-05-18 | CVE-2017-9063 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | 4.3 |