Lucene search
K
SuseStudio Onsite

22 matches found

CVE
CVE
added 2014/09/24 6:0 p.m.2915 views

CVE-2014-6271

CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...

10CVSS9.9AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2014/09/25 1:0 a.m.1333 views

CVE-2014-7169

CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...

10CVSS8.4AI score0.9994EPSS
In wild
CVE
CVE
added 2013/11/23 6:0 p.m.436 views

CVE-2013-4547

CVE-2013-4547 affects nginx versions 0.8.41–1.4.3 and 1.5.x prior to 1.5.7. Root cause: an unescaped space character in a URI can bypass intended restrictions, enabling remote bypass of access controls as described in the entry. Impact: restriction bypass is possible; exploitation and mitigation ...

7.5CVSS9.2AI score0.67718EPSS
CVE
CVE
added 2016/05/26 4:0 p.m.418 views

CVE-2016-0718

CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...

9.8CVSS8.7AI score0.13802EPSS
CVE
CVE
added 2015/07/23 12:0 a.m.341 views

CVE-2015-1283

The material confirms CVE-2015-1283 is an Expat XML_GetBuffer integer/heap overflow issue, with impact on multiple products using expat up to 2.1.0 (e.g., Chrome before 44.0.2403.89). Related CVEs include CVE-2015-2716 and CVE-2016-4472 (note: the latter indicates the overflow protection was remo...

6.8CVSS8.4AI score0.19069EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.177 views

CVE-2016-5118

CVE-2016-5118 affects GraphicsMagick and ImageMagick: the OpenBlob handling accepts a leading ‘|’ pipe in a filename, enabling remote code execution. Connected advisories confirm the issue and note remediation by upgrading to at least GraphicsMagick 1.3.24 (and corresponding ImageMagick fixes) an...

10CVSS9.5AI score0.49982EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.121 views

CVE-2016-2317

GraphicsMagick’s SVG processing for CVE-2016-2317 comprises stack and heap buffer overflows in MVG/SVG rendering (TracePoint, GetToken, GetTransformTokens). Connected advisories confirm this was addressed in newer GraphicsMagick packages across distros (e.g., Debian Jessie: 1.3.20-3+deb8u2; Stret...

5.5CVSS6.8AI score0.0199EPSS
CVE
CVE
added 2011/12/08 8:0 p.m.113 views

CVE-2011-4315

CVE-2011-4315 describes a heap-based buffer overflow in nginx’s DNS resolver path (core/ngx_resolver.c) that can be triggered by compression-pointer processing. Affected: nginx versions prior to 1.0.10. Impact stated across sources: remote resolvers may cause a denial of service (daemon crash) an...

6.8CVSS7.6AI score0.0607EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.91 views

CVE-2014-9846

CVE-2014-9846 involves a buffer overflow in the ReadRLEImage function (coders/rle.c) of ImageMagick, exposed in at least ImageMagick 6.8.9.9. Remote, unauthenticated attackers could trigger an overflow, with impact described as unspecified in the CVE record. The connected OpenVAS/Nessus entries c...

9.8CVSS7AI score0.04852EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.87 views

CVE-2014-9845

CVE-2014-9845 : ImageMagick’s ReadDIBImage function (coders/dib.c) is vulnerable to a denial of service by processing a corrupted DIB file. The vulnerability exists in the ImageMagick code path that reads DIB images. The connected sources confirm the affected component and the crash outcome but d...

5.5CVSS5.8AI score0.01946EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.85 views

CVE-2016-2318

GraphicsMagick 1.3.23 is affected by CVE-2016-2318, which can cause denial of service via a crafted SVG file due to segmentation faults in render SVG handling (DrawImage, SVGStartElement, TraceArcPath). Patches exist in downstream advisories: Debian/DSA-3746 fixes to GraphicsMagick (e.g., 1.3.20-...

5.5CVSS6.6AI score0.01879EPSS
CVE
CVE
added 2016/07/13 3:0 p.m.83 views

CVE-2015-8808

CVE-2015-8808 affects GraphicsMagick (GIF decoding path). The DecodeImage function in coders/gif.c can trigger an out-of-bounds read on crafted GIFs, leading to denial of service via uninitialized memory access. The issue is tied to the GIF parser in GraphicsMagick 1.3.18 and has been addressed i...

5.5CVSS5.2AI score0.01541EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.78 views

CVE-2014-9844

CVE-2014-9844 affects ImageMagick 6.8.9.9, where the ReadRLEImage function in coders/rle.c is vulnerable. A crafted image file can trigger an out-of-bounds read, enabling a remote denial of service. The vulnerability is tied to processing of RLE-encoded data within ImageMagick. The provided conne...

5.5CVSS5.7AI score0.02054EPSS
CVE
CVE
added 2013/12/23 11:0 p.m.59 views

CVE-2013-3709

CVE-2013-3709 affects WebYaST 1.3 where the config/initializers/secret_token.rb file has weak permissions, allowing a local attacker to read the Rails secret token and potentially forge session cookies. SUSE/openSUSE advisories (openSUSE-SU-2013:1952/1954/1961) patch this by making secret_token.r...

7.2CVSS6.3AI score0.00481EPSS
CVE
CVE
added 2020/01/27 9:45 a.m.55 views

CVE-2017-14807

CVE-2017-14807 is an SQL injection vulnerability in SUSE Studio onsite susestudio-ui-server (affected: version 1.3.17-56.6.3 and prior). The issue is described as Improper Neutralization of Special Elements used in an SQL Command, enabling remote attackers with admin privileges in Studio to alter...

8.1CVSS8.4AI score0.01027EPSS
CVE
CVE
added 2020/01/27 9:45 a.m.53 views

CVE-2017-14806

CVE-2017-14806 concerns an Improper Certificate Validation in SUSE Studio onsite’s susestudio-common, affecting version 1.3.17-56.6.3 and earlier. The vulnerability could allow remote attackers to perform MITM on repository connections, enabling modification of delivered packages. Connected docum...

5.9CVSS5AI score0.00444EPSS
CVE
CVE
added 2018/06/07 9:0 p.m.52 views

CVE-2011-0467

CVE-2011-0467 affects SUSE Studio Onsite and SUSE Studio Onsite Appliance. The issue is a SQL injection vulnerability in the listing of available software, exploitable by authenticated users. Affected releases: SUSE Studio Onsite prior to 1.0.3-0.18.1 and SUSE Studio Onsite 1.1 Appliance prior to...

8.8CVSS9.1AI score0.0129EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.52 views

CVE-2011-4195

CVE-2011-4195 affects kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. An attacker can execute arbitrary commands via shell metacharacters in an image name. Impact: arbitrary command execution with network-accessible cont...

7.5CVSS7.8AI score0.01877EPSS
CVE
CVE
added 2014/02/26 3:0 p.m.49 views

CVE-2013-3712

CVE-2013-3712 affects SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3, which use static secret tokens. The material states the impact and attack vectors as unspecified in the description; no concrete exploitation details, affected component versions, root cause sp...

10CVSS6.8AI score0.01366EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.48 views

CVE-2011-3180

Kiwi before 4.98.08, used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. Root cause: untrusted path handling in Kiwi leads to ...

7.5CVSS7.7AI score0.02578EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.47 views

CVE-2011-4193

CVE-2011-4193 describes a Cross-site scripting (XSS) flaw in the overlay files tab of SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to...

4.3CVSS5.8AI score0.00942EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.45 views

CVE-2011-4192

CVE-2011-4192 affects kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The issue allows attackers to execute arbitrary commands, demonstrated by "double quotes in kiwi_oemtitle of .profile." The connected documents corrobo...

7.5CVSS7.7AI score0.01498EPSS