CVE-2017-14807 – SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite
https://notcve.org/view.php?id=CVE-2017-14807
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. Una Neutralización Inapropiada de Elementos Especiales utilizados en una vulnerabilidad de Comando SQL ("SQL Injection") en susestudio-ui-server de SUSE Studio onsite, permite a atacantes remotos con privilegios de administrador en Studio alterar las sentencias SQL, permitiendo una extracción y modificación de datos. Este problema afecta a: susestudio-ui-server de SUSE Studio onsite versión 1.3.17-56.6.3 y anteriores. • https://bugzilla.suse.com/show_bug.cgi?id=1065396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-14806 – Insecure handling of repodata and packages in SUSE Studio onlite
https://notcve.org/view.php?id=CVE-2017-14806
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. Una vulnerabilidad de Comprobación de Certificado Inapropiada en susestudio-common de SUSE Studio onsite, permite a atacantes remotos conexiones de tipo MITM hacia los repositorios, lo que permite la modificación de los paquetes recibidos por medio de estas conexiones. Este problema afecta a: susestudio-common de SUSE Studio onsite versión 1.3.17-56.6.3 y anteriores. • https://bugzilla.suse.com/show_bug.cgi?id=1065397 • CWE-295: Improper Certificate Validation •
CVE-2014-9847
https://notcve.org/view.php?id=CVE-2014-9847
The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. El decodificador jng en ImageMagick 6.8.9.9 permite a atacantes remotos tener un impacto no especificado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9845
https://notcve.org/view.php?id=CVE-2014-9845
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. La función ReadDIBImage en coders/dib.c en ImageMagick permite a atacantes provocar una denegación de servicio (caída) a través de un archivo dib corrompido. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-9844
https://notcve.org/view.php?id=CVE-2014-9844
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02 • CWE-125: Out-of-bounds Read •