Security Vulnerabilities - CVEs Published In March 2017
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
CVSS Score
4.7
EPSS Score
0.012
Published
2017-03-30
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
CVSS Score
8.1
EPSS Score
0.007
Published
2017-03-30
ImageMagick allows remote attackers to have unspecified impact via vectors related to error handling in sun files.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-03-30
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
CVSS Score
7.5
EPSS Score
0.012
Published
2017-03-30
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted pnm file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-30
ImageMagick allows remote attackers to cause a denial of service (file descriptor consumption) via a crafted file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-30
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-30
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted dpc image.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-30
ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted xwd image.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-30
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-30