Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-20	CVE-2014-9846	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. network low complexity opensuse-project suse opensuse canonical imagemagick CWE-119 critical	9.8
2016-06-10	CVE-2016-5118	The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. network low complexity graphicsmagick suse oracle opensuse canonical debian imagemagick critical	9.8
2016-05-26	CVE-2016-0718	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. network low complexity mozilla apple suse opensuse canonical libexpat-project debian mcafee python CWE-119 critical	9.8
2014-09-25	CVE-2014-7169	OS Command Injection vulnerability in multiple products GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. network low complexity gnu arista oracle qnap mageia redhat suse opensuse debian ibm canonical novell checkpoint f5 citrix apple vmware CWE-78 critical	9.8
2014-09-24	CVE-2014-6271	OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. network low complexity gnu arista oracle qnap mageia redhat suse opensuse debian ibm canonical novell checkpoint f5 citrix apple vmware CWE-78 critical	9.8