Security Vulnerabilities - CVEs Published In April 2017
In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-04-11
A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.
CVSS Score: 9.8; EPSS Score: 0.032; Published: 2017-04-11
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2017-04-11
A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2017-04-11
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVSS Score: 6.5; EPSS Score: 0.006; Published: 2017-04-11
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS Score: 5.5; EPSS Score: 0.005; Published: 2017-04-11
DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
CVSS Score: 5.5; EPSS Score: 0.005; Published: 2017-04-11
The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).
CVSS Score: 6.2; EPSS Score: 0.001; Published: 2017-04-11
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
CVSS Score: 6.5; EPSS Score: 0.006; Published: 2017-04-11
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
CVSS Score: 8.8; EPSS Score: 0.136; Published: 2017-04-11