Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-07 | CVE-2017-6362 | Double Free vulnerability in multiple products Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | 7.5 |
2017-09-07 | CVE-2015-3442 | Improper Authentication vulnerability in Soreco Xpert.Line 3.0 Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | 7.5 |
2017-09-07 | CVE-2017-14175 | Excessive Iteration vulnerability in multiple products In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14174 | Excessive Iteration vulnerability in multiple products In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14172 | Excessive Iteration vulnerability in multiple products In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14171 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-07 | CVE-2017-14170 | Excessive Iteration vulnerability in Ffmpeg 3.3.3 In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. | 7.1 |
2017-09-06 | CVE-2015-7241 | XXE vulnerability in SAP Netweaver 4.0/6.4/7.0 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 7.5 |
2017-09-06 | CVE-2015-2210 | Command Injection vulnerability in Epicor CRS Retail Store The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | 7.2 |
2017-09-05 | CVE-2017-14158 | Resource Exhaustion vulnerability in Scrapy 1.4 Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. | 7.8 |