Product:

Studio_onsite

(Suse)
Repositories https://github.com/openSUSE/kiwi
#Vulnerabilities 19
Date Id Summary Products Score Patch Annotated
2013-11-23 CVE-2013-4547 nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Nginx, Opensuse, Lifecycle_management_server, Studio_onsite, Webyast N/A
2011-12-08 CVE-2011-4315 Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. Fedora, Nginx, Studio, Studio_onsite, Webyast N/A
2020-01-27 CVE-2017-14807 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. Studio_onsite, Susestudio\-Ui\-Server N/A
2020-01-27 CVE-2017-14806 A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. Studio_onsite, Susestudio\-Ui\-Server N/A
2018-06-07 CVE-2011-0467 A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. Studio_onsite, Studio_onsite_appliance 8.8
2016-06-10 CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Ubuntu_linux, Debian_linux, Graphicsmagick, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Leap, Opensuse, Linux, Solaris, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite 9.8
2017-02-03 CVE-2016-2318 GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite 5.5
2017-02-03 CVE-2016-2317 Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite 5.5
2016-05-26 CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Mac_os_x, Ubuntu_linux, Debian_linux, Expat, Firefox, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite 9.8
2016-07-13 CVE-2015-8808 The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. Fedora, Graphicsmagick, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite 5.5