Studio Onsite

studio_onsite

Vendor: Suse • 22 CVEs

CVEs (22)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS

Vendors (1): Suse
Products (2): Studio Onsite, Susestudio Ui Server
Updated: Nov 21, 2024
Published: Jan 27, 2020
CVSS: N/A (v4), 8.1 HIGH (v3), 5.5 MEDIUM (v2)
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.

Vendors (1): Suse
Products (2): Studio Onsite, Susestudio Ui Server
Updated: Nov 21, 2024
Published: Jan 27, 2020
CVSS: N/A (v4), 5.9 MEDIUM (v3), 4.3 MEDIUM (v2)
An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.

Vendors (1): Suse
Products (2): Studio Onsite, Studio Onsite Appliance
Updated: Nov 21, 2024
Published: Jun 7, 2018
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.

Vendors (5): Canonical, Imagemagick, Opensuse, +2 more
Products (11): Imagemagick, Leap, Leap, +8 more
Updated: May 13, 2026
Published: Mar 20, 2017
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

Vendors (5): Canonical, Imagemagick, Opensuse, +2 more
Products (11): Imagemagick, Leap, Leap, +8 more
Updated: May 13, 2026
Published: Mar 20, 2017
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

Vendors (5): Canonical, Imagemagick, Opensuse, +2 more
Products (10): Imagemagick, Leap, Opensuse, +7 more
Updated: May 13, 2026
Published: Mar 20, 2017
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

Vendors (4): Debian, Graphicsmagick, Opensuse, +1 more
Products (7): Debian Linux, Graphicsmagick, Leap, +4 more
Updated: May 13, 2026
Published: Feb 3, 2017
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.

Vendors (4): Debian, Graphicsmagick, Opensuse, +1 more
Products (7): Debian Linux, Graphicsmagick, Leap, +4 more
Updated: May 13, 2026
Published: Feb 3, 2017
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c.

Vendors (3): Fedoraproject, Graphicsmagick, Suse
Products (5): Fedora, Graphicsmagick, Linux Enterprise Debuginfo, +2 more
Updated: May 6, 2026
Published: Jul 13, 2016
CVSS: N/A (v4), 5.5 MEDIUM (v3), 4.3 MEDIUM (v2)
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

Vendors (7): Canonical, Debian, Graphicsmagick, +4 more
Products (14): Debian Linux, Graphicsmagick, Imagemagick, +11 more
Updated: May 6, 2026
Published: Jun 10, 2016
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.

Vendors (9): Apple, Canonical, Debian, +6 more
Products (14): Debian Linux, Firefox, Leap, +11 more
Updated: May 6, 2026
Published: May 26, 2016
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Vendors (8): Canonical, Debian, Google, +5 more
Products (13): Chrome, Debian Linux, Leap, +10 more
Updated: May 6, 2026
Published: Jul 23, 2015
CVSS: N/A (v4), N/A (v3), 6.8 MEDIUM (v2)
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Vendors (17): Apple, Arista, Canonical, +14 more
Products (74): Arx Firmware, Bash, Big Ip Access Policy Manager, +71 more
Updated: Apr 22, 2026
Published: Sep 25, 2014
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Vendors (17): Apple, Arista, Canonical, +14 more
Products (74): Arx Firmware, Bash, Big Ip Access Policy Manager, +71 more
Updated: Apr 22, 2026
Published: Sep 24, 2014
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Vendors (1): Suse
Products (3): Kiwi, Studio Extension For System Z, Studio Onsite
Updated: May 6, 2026
Published: Apr 16, 2014
CVSS: N/A (v4), N/A (v3), 7.5 HIGH (v2)
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

Vendors (1): Suse
Products (2): Studio Extension For System Z, Studio Onsite
Updated: May 6, 2026
Published: Apr 16, 2014
CVSS: N/A (v4), N/A (v3), 4.3 MEDIUM (v2)
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.

Vendors (1): Suse
Products (3): Kiwi, Studio Extension For System Z, Studio Onsite
Updated: May 6, 2026
Published: Apr 16, 2014
CVSS: N/A (v4), N/A (v3), 7.5 HIGH (v2)
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Vendors (1): Suse
Products (3): Kiwi, Studio Extension For System Z, Studio Onsite
Updated: May 6, 2026
Published: Apr 16, 2014
CVSS: N/A (v4), N/A (v3), 7.5 HIGH (v2)
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

Vendors (1): Suse
Products (2): Studio Extension For System Z, Studio Onsite
Updated: Apr 29, 2026
Published: Feb 26, 2014
CVSS: N/A (v4), N/A (v3), 10.0 HIGH (v2)
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 use "static" secret tokens, which has unspecified impact and vectors.

Vendors (2): Novell, Suse
Products (3): Studio Onsite, Suse Lifecycle Management Server, Webyast
Updated: Apr 29, 2026
Published: Dec 23, 2013
CVSS: N/A (v4), N/A (v3), 7.2 HIGH (v2)
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.