CVSS: 6.1EPSS: 89%CPEs: 9EXPL: 0CVE-2018-5712 – php: Reflected XSS on PHAR 404 page
https://notcve.org/view.php?id=CVE-2018-5712
16 Jan 2018 — An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.33, versiones 7.0.x anteriores a la 7.0.27, versiones 7.1.x anteriores a la 7.1.13 y versiones 7.2.x anteriores a la 7.2.1. Hay XSS reflejado en la página de error PHAR 404 mediante el URI de una petición de un archivo .phar. It was disc... • http://php.net/ChangeLog-5.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18027 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18027
12 Jan 2018 — In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.7-1 Q16 en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malfor... • http://www.securityfocus.com/bid/102527 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18028 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18028
12 Jan 2018 — In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de agotamiento de memoria en ImageMagick 7.0.7-1 Q16 en la función ReadTIFFImage en coders/tiff.c. Esta vulnerabilidad permite que los atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled c... • https://github.com/ImageMagick/ImageMagick/issues/736 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-18029 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2017-18029
12 Jan 2018 — In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. Se ha encontrado una vulnerabilidad de filtrado de memoria en ImageMagick 7.0.6-10 Q16 en la función ReadMATImage en coders/mat.c. Esta vulnerabilidad permite que los atacantes remotos provoquen una denegación de servicio mediante un archivo manipulado. It was discovered that ImageMagick incorrectly handled certain malf... • http://www.securityfocus.com/bid/102519 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5357 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5357
12 Jan 2018 — ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. ImageMagick 7.0.7-22 Q16 tiene fugas de memoria en la función ReadDCMImage en coders/dcm.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102497 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5358 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5358
12 Jan 2018 — ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. ImageMagick 7.0.7-22 Q16 tiene fugas de memoria en la función EncodeImageAttributes en coders/json.c, tal y como demuestra la función ReadPSDLayersInternal en coders/psd.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a speciall... • https://github.com/ImageMagick/ImageMagick/issues/939 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5205 – Ubuntu Security Notice USN-3527-1
https://notcve.org/view.php?id=CVE-2018-5205
06 Jan 2018 — When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. Al utilizar códigos escapados incompletos, Irssi en versiones anteriores a la 1.0.6 podría acceder a datos más allá del final de la cadena. Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. Joseph Bisch disco... • https://irssi.org/security/irssi_sa_2018_01.txt • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5246 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5246
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadPATTERNImage en coders/pattern.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • http://www.securityfocus.com/bid/102469 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-5247 – Ubuntu Security Notice USN-3681-1
https://notcve.org/view.php?id=CVE-2018-5247
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. ImageMagick 7.0.7-17 Q16 tiene una fuga de memoria en ReadRLAImage en coders/rla.c. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. • https://github.com/ImageMagick/ImageMagick/issues/928 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 1%CPEs: 7EXPL: 1CVE-2018-5248 – Debian Security Advisory 4204-1
https://notcve.org/view.php?id=CVE-2018-5248
05 Jan 2018 — In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. En ImageMagick 7.0.7-17 Q16, hay una sobrelectura de búfer basada en memoria dinámica (heap) en la función ReadSIXELImage en coders/sixel.c, relacionada con la función sixel_decode. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially cr... • http://www.securityfocus.com/bid/102431 • CWE-125: Out-of-bounds Read •