VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution. A flaw was found in ImageMagick. Red Hat severity: Moderate — CVSS 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-825. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of service. A flaw was found in ImageMagick. A remote attacker could provide a specially crafted image, causing the software to allocate more memory than permitted by its configuration. This can lead to a denial of service (DoS), making the system or application unavailable to legitimate users. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-770. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes. A flaw was found in ImageMagick. This vulnerability allows a remote attacker to cause the application to crash. The issue stems from improper handling of XMP (Extensible Metadata Platform) profiles within image files. By crafting a malicious image with specially designed XMP data, an attacker can trigger a heap use-after-free condition, leading to a denial of service. Red Hat severity: Moderate — CVSS 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H). Weakness: CWE-476. Affected Red Hat products: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Will not fix / out of support: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7. Red Hat does not currently list a fixing RHSA for this CVE.
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service. A flaw was found in ImageMagick. This heap buffer overflow vulnerability, identified as CWE-122 (Heap-based Buffer Overflow), occurs in the magnify operation when processing an unrecognized `magnify:method` value. An attacker could exploit this by providing a specially crafted input, leading to an out-of-bounds read. This could potentially expose sensitive information or cause a denial of service (DoS) to the system. Red Hat severity: Moderate — CVSS 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). Weakness: CWE-125. Under investigation: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker with the ability to debug a process to produce misleading audit trails. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Log4j versions 2.21.0 through 2.25.3 and 3.0.0-alpha1 through 3.0.0-beta3 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. Affected products: Data Infrastructure Insights and Data Secure Storage Workload Security Agent. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
All supported versions of FreeBSD are susceptible to a vulnerability which when successfully exploited could allow an attacker to delete files outside the intended directory tree. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
FreeBSD 14.3, 14.4 and 15.0 are susceptible to a vulnerability which when successfully exploited could allow an unprivileged user to observe a small amount of uninitialized kernel stack data. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Apache Log4cxx versions prior to 1.7.0 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data. Successful exploitation of this vulnerability could lead to addition or modification of data. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service Affected product named by the advisory: GitLab.
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service Affected product named by the advisory: GitLab.
Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service Affected product named by the advisory: GitLab.
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.