CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A Remote Code Execution vulnerability has been found in the HordeImage library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applicatio...

8.1CVSS8.3AI score0.02803EPSS

Exploits1References4

OSV•added 2017/09/21 5:29 p.m.•15 views

CVE-2017-14650

8.1CVSS7.9AI score

Exploits0References4

Prion•added 2017/09/21 5:29 p.m.•12 views

Remote code execution

6.8CVSS8.1AI score0.02803EPSS

Exploits1References4Affected Software1

UbuntuCve•added 2017/09/21 5:29 p.m.•23 views

CVE-2017-14650

8.1CVSS7AI score0.02803EPSS

Exploits1References4

OSV•added 2017/09/21 5:29 p.m.•1 views

UBUNTU-CVE-2017-14650

8.1CVSS7.2AI score0.02803EPSS

Exploits1References5

CVE•added 2017/09/21 5:0 p.m.•66 views

CVE-2017-14650

CVE-2017-14650 affects Horde_Image (Im backend) using ImageMagick convert; root cause is missing input validation of the index field in _raw() when building the ImageMagick command. Affected are Horde_Image versions 2.0.0 through 2.5.1; fixed in 2.5.2. The vulnerability is contextual: it is not r...

8.1CVSS8.4AI score0.02803EPSS

Exploits1References4Affected Software1

Cvelist•added 2017/09/21 5:0 p.m.•15 views

CVE-2017-14650

8.5AI score0.02803EPSS

Exploits1References4

Debian CVE•added 2017/09/21 5:0 p.m.•19 views

CVE-2017-14650

8.1CVSS8.5AI score0.02803EPSS

Exploits1

Tenable Nessus•added 2017/07/06 12:0 a.m.•25 views

Fedora 25 : php-horde-Horde-Image (2017-6f7d6fbccc)

HordeImage 2.5.1 - mjr SECURITY: Fix more potential places for command injections. ---- HordeImage 2.5.0 - mjr SECURITY: Prevent DOS attack by preventing an infinite loop in certain conditions CVE-2017-9773, reported by Fariskhi Vidyan. - mjr SECURITY: Prevent RCE attacks by properly sanitizing...

8.8CVSS6.9AI score0.04249EPSS

Exploits0References3

Tenable Nessus•added 2017/06/22 12:0 a.m.•25 views

FreeBSD : pear-Horde_Image -- DoS vulnerability (00e4050b-56c1-11e7-8e66-08606e46faad)

Michael J Rubinsky reports : The second vulnerability CVE-2017-9773 is a DOS vulnerability. This only affects Horde installations that do not have a configured image handling backend, and thus use the 'Null' image driver. It is exploitable by a logged in user clicking on a maliciously crafted URL...

5.7CVSS7AI score0.00148EPSS

Exploits0References3

Tenable Nessus•added 2017/06/22 12:0 a.m.•20 views

FreeBSD : pear-Horde_Image -- remote code execution vulnerability (a7003121-56bf-11e7-8e66-08606e46faad)

Michael J Rubinsky reports : The fist vulnerability CVE-2017-9774 is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

8.8CVSS7.8AI score0.04249EPSS

Exploits0References3

OSV•added 2017/06/21 6:29 p.m.•6 views

CVE-2017-9773

Denial of Service was found in HordeImage 2.x before 2.5.0 via a crafted URL to the "Null" image driver...

5.7CVSS8.4AI score

Exploits0References2

NVD•added 2017/06/21 6:29 p.m.•13 views

CVE-2017-9773

Denial of Service was found in HordeImage 2.x before 2.5.0 via a crafted URL to the "Null" image driver...

5.7CVSS6.7AI score0.00148EPSS

Exploits0References2