Security Vulnerabilities - CVEs Published In April 2017
The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2017-04-18
The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2017-04-18
The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2017-04-18
The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.011
Published: 2017-04-18
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.006
Published: 2017-04-18
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
CVSS Score: 6.5
EPSS Score: 0.011
Published: 2017-04-18
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-04-18
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVSS Score: 5.3
EPSS Score: 0.032
Published: 2017-04-18
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.
CVSS Score: 7.5
EPSS Score: 0.038
Published: 2017-04-18
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVSS Score: 6.1
EPSS Score: 0.004
Published: 2017-04-18