| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code. |
| DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read the documents of arbitrary users via a modified HTTP request. |
| Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. |
| Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. |
| rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. |
| The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports. |
| phpMyFAQ before 2.9.11 allows CSRF. |
| In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow. |
| In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file. |
| In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. |
| There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file. |
| There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image. |
| The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file. |
| The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. |
| ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. |
| ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. |
| Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation. |
| Evolution CMS 1.4.x allows XSS via the manager/ search parameter. |
| Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. |
| Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. |
