Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Studio_onsite
(Suse)| Repositories | https://github.com/openSUSE/kiwi |
| #Vulnerabilities | 20 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-27 | CVE-2017-14807 | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. | Studio_onsite, Susestudio\-Ui\-Server | 8.1 | ||
| 2016-06-10 | CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. | Ubuntu_linux, Debian_linux, Graphicsmagick, Imagemagick, Leap, Opensuse, Linux, Solaris, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Studio_onsite | 9.8 | ||
| 2016-05-26 | CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | Mac_os_x, Ubuntu_linux, Debian_linux, Libexpat, Policy_auditor, Firefox, Leap, Opensuse, Python, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite | 9.8 | ||
| 2011-12-08 | CVE-2011-4315 | Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | Nginx, Fedora, Studio, Studio_onsite, Webyast | N/A | ||
| 2013-11-23 | CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | Nginx, Opensuse, Lifecycle_management_server, Studio_onsite, Webyast | N/A | ||
| 2017-02-03 | CVE-2016-2318 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. | Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
| 2017-02-03 | CVE-2016-2317 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. | Debian_linux, Graphicsmagick, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
| 2016-07-13 | CVE-2015-8808 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | Fedora, Graphicsmagick, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
| 2017-03-20 | CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Leap, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Studio_onsite | 9.8 | ||
| 2017-03-20 | CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Leap, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Studio_onsite | 5.5 |