CVE-2017-18211 — In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
Published: March 01, 2018; 04:29:00 PM -05:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2017-18029 — In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Published: January 12, 2018; 03:29:00 PM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2017-18028 — In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
Published: January 12, 2018; 03:29:00 PM -05:00

V3: 6.5 MEDIUM
V2: 7.1 HIGH

CVE-2017-18027 — In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Published: January 12, 2018; 03:29:00 PM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2017-18008 — In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.
Published: January 01, 2018; 03:29:00 AM -05:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-18898 — The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing.
Published: March 21, 2019; 12:00:29 PM -04:00

V3: 7.5 HIGH
V2: 5.0 MEDIUM

CVE-2018-15906 — SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file.
Published: March 21, 2019; 12:00:21 PM -04:00

V3: 7.2 HIGH
V2: 9.0 HIGH

CVE-2018-18435 — KioWare Server 4.9.6 allows local users to gain privileges by replacing \kioware_com\KWSS.exe with a Trojan horse program, because \kioware_com has "Everyone: (F)" permissions.
Published: March 21, 2019; 12:00:28 PM -04:00

V3: 7.8 HIGH
V2: 7.2 HIGH

CVE-2018-18607 — An issue was discovered in elf_link_input_bfd in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols... read CVE-2018-18607
Published: October 23, 2018; 01:29:00 PM -04:00

V3: 5.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-16519 — COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets.
Published: March 21, 2019; 12:00:22 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-19511 — wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password.
Published: March 21, 2019; 12:00:31 PM -04:00

V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-20121 — Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
Published: March 21, 2019; 12:00:34 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-12638 — An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app... read CVE-2018-12638
Published: March 21, 2019; 12:00:14 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-19510 — subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection via the Client-IP HTTP request header.
Published: March 21, 2019; 12:00:31 PM -04:00

V3: 9.8 CRITICAL
V2: 7.5 HIGH

CVE-2018-19509 — wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by t... read CVE-2018-19509
Published: March 21, 2019; 12:00:31 PM -04:00

V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

CVE-2018-20635 — PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
Published: March 21, 2019; 12:00:36 PM -04:00

V3: 4.3 MEDIUM
V2: 4.0 MEDIUM

CVE-2018-20634 — PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
Published: March 21, 2019; 12:00:36 PM -04:00

V3: 6.5 MEDIUM
V2: 4.0 MEDIUM

CVE-2018-20633 — PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Published: March 21, 2019; 12:00:36 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM

CVE-2018-20632 — PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
Published: March 21, 2019; 12:00:36 PM -04:00

V3: 5.4 MEDIUM
V2: 3.5 LOW

CVE-2019-6727 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The... read CVE-2019-6727
Published: March 21, 2019; 12:01:09 PM -04:00

V3: 8.8 HIGH
V2: 6.8 MEDIUM