CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14807 – SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite
https://notcve.org/view.php?id=CVE-2017-14807
27 Jan 2020 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. Una Neutralización Inapropiada de Elementos Especiales utilizados en una vulnerabilidad de Comando SQL ("SQL Injection") en susestu... • https://bugzilla.suse.com/show_bug.cgi?id=1065396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14806 – Insecure handling of repodata and packages in SUSE Studio onlite
https://notcve.org/view.php?id=CVE-2017-14806
27 Jan 2020 — A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. Una vulnerabilidad de Comprobación de Certificado Inapropiada en susestudio-common de SUSE Studio onsite, permite a atacantes remotos conexiones de tipo MITM hacia los repositorios, ... • https://bugzilla.suse.com/show_bug.cgi?id=1065397 • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 2%CPEs: 16EXPL: 0CVE-2014-9846
https://notcve.org/view.php?id=CVE-2014-9846
20 Mar 2017 — Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Desbordamiento de búfer en la función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos tener impacto no especificado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 0CVE-2014-9847
https://notcve.org/view.php?id=CVE-2014-9847
20 Mar 2017 — The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. El decodificador jng en ImageMagick 6.8.9.9 permite a atacantes remotos tener un impacto no especificado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2317 – Debian Security Advisory 3746-1
https://notcve.org/view.php?id=CVE-2016-2317
26 Dec 2016 — Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. Múltiples desbordamientos de búfer en GraphicsMagick 1.3.23 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo SVG manipulado, relacionado con (1) la función TracePoint en magic... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2016-2318 – Debian Security Advisory 3746-1
https://notcve.org/view.php?id=CVE-2016-2318
26 Dec 2016 — GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. GraphicsMagick 1.3.23 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo SVG manipulado, relacionado con (1) la función DrawImage en magick/render.c, (2) función SVGSta... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2014-9844 – Ubuntu Security Notice USN-3131-1
https://notcve.org/view.php?id=CVE-2014-9844
21 Nov 2016 — The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked i... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2014-9845 – Ubuntu Security Notice USN-3131-1
https://notcve.org/view.php?id=CVE-2014-9845
21 Nov 2016 — The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. La función ReadDIBImage en coders/dib.c en ImageMagick permite a atacantes provocar una denegación de servicio (caída) a través de un archivo dib corrompido. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could explo... • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8808 – Debian Security Advisory 3746-1
https://notcve.org/view.php?id=CVE-2015-8808
13 Jul 2016 — The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. La función DecodeImage en coders/gif.c en GraphicsMagick 1.3.18 permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada) a través de un archivo GIF manipulado. Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177834.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 56%CPEs: 24EXPL: 0CVE-2016-5118 – ImageMagick: Remote code execution via filename
https://notcve.org/view.php?id=CVE-2016-5118
30 May 2016 — The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. La función OpenBlob en blob.c en GraphicsMagick en versiones anteriores a 1.3.24 y ImageMagick permite a atacantes remotos ejecutar código arbitrario a través del caractér | (tubería) en el inicio del nombre de archivo. It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processe... • http://git.imagemagick.org/repos/ImageMagick/commit/40639d173aa8c76b850d625c630b711fee4dcfb8 • CWE-20: Improper Input Validation •