Leap Security Vulnerabilities
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions."
9.8CVSS
7.6AI Score
0.014EPSS
Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
7.5CVSS
7.1AI Score
0.018EPSS
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.
9.8CVSS
7.6AI Score
0.014EPSS
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
5.5CVSS
5.7AI Score
0.009EPSS
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
5.5CVSS
5.8AI Score
0.013EPSS
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.
9.8CVSS
7AI Score
0.014EPSS
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact.
9.8CVSS
6.7AI Score
0.023EPSS
Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption).
7.5CVSS
7.1AI Score
0.021EPSS
The png coder in ImageMagick allows remote attackers to cause a denial of service (crash).
7.5CVSS
7.1AI Score
0.018EPSS
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
7.5CVSS
7.1AI Score
0.012EPSS
ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
7.5CVSS
7.1AI Score
0.017EPSS
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
7.5CVSS
8.1AI Score
0.005EPSS
Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
5.5CVSS
5.8AI Score
0.017EPSS
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.
8.2AI Score
0.0004EPSS
Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
5.5CVSS
5.8AI Score
0.011EPSS
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.
6.1CVSS
6.2AI Score
0.002EPSS
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors.
7.5CVSS
7.3AI Score
0.007EPSS
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
5.5CVSS
5.7AI Score
0.013EPSS
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
5.5CVSS
5.8AI Score
0.009EPSS
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
7.5CVSS
7AI Score
0.041EPSS
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
6.5CVSS
7.4AI Score
0.007EPSS
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
6.5CVSS
7.2AI Score
0.007EPSS
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.
7.5CVSS
7.2AI Score
0.023EPSS
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
6.5CVSS
6.9AI Score
0.006EPSS
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
6.5CVSS
6.9AI Score
0.004EPSS
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
5.5CVSS
6.4AI Score
0.021EPSS
7.8CVSS
8.7AI Score
0.001EPSS
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
7.8CVSS
8.5AI Score
0.004EPSS
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
7.8CVSS
8.5AI Score
0.006EPSS
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
5.5CVSS
6.5AI Score
0.0005EPSS
9.8CVSS
9.3AI Score
0.002EPSS
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or h...
7.8CVSS
7.5AI Score
0.0004EPSS
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SH...
7.8CVSS
7.4AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name.
6.1CVSS
5.9AI Score
0.002EPSS
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overf...
9.8CVSS
9.5AI Score
0.409EPSS