
CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jan 2020 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1065396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jan 2020 — An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1065397 • CWE-295: Improper Certificate Validation

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Jun 2018 — A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. • https://bugzilla.suse.com/show_bug.cgi?id=675039 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 2% • CPEs: 16 • EXPL: 0

20 Mar 2017 — Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

26 Dec 2016 — Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

26 Dec 2016 — GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-476: NULL Pointer Dereference

CVSS: 5.5 • EPSS: 0% • CPEs: 15 • EXPL: 0

21 Nov 2016 — The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked i... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

21 Nov 2016 — The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could explo... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

13 Jul 2016 — The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tools, which can cause denial of service ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 56% • CPEs: 24 • EXPL: 0

30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation