Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Studio_onsite
(Suse)Repositories | https://github.com/openSUSE/kiwi |
#Vulnerabilities | 22 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2016-07-13 | CVE-2015-8808 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | Fedora, Graphicsmagick, Linux_enterprise_debuginfo, Linux_enterprise_software_development_kit, Studio_onsite | 5.5 | ||
2017-03-20 | CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Leap, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Studio_onsite | 9.8 | ||
2017-03-20 | CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | Ubuntu_linux, Imagemagick, Leap, Opensuse, Leap, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Studio_onsite | 5.5 | ||
2017-03-20 | CVE-2014-9844 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | Ubuntu_linux, Imagemagick, Opensuse, Leap, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Suse_linux_enterprise_workstation_extension, Studio_onsite | 5.5 | ||
2014-02-26 | CVE-2013-3712 | SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. | Studio_extension_for_system_z, Studio_onsite | N/A | ||
2013-12-23 | CVE-2013-3709 | WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | Suse_lifecycle_management_server, Studio_onsite, Webyast | N/A | ||
2014-04-16 | CVE-2011-4195 | kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | Kiwi, Studio_extension_for_system_z, Studio_onsite | N/A | ||
2014-04-16 | CVE-2011-4193 | Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. | Studio_extension_for_system_z, Studio_onsite | N/A | ||
2014-04-16 | CVE-2011-4192 | kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." | Kiwi, Studio_extension_for_system_z, Studio_onsite | N/A | ||
2014-04-16 | CVE-2011-3180 | kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | Kiwi, Studio_extension_for_system_z, Studio_onsite | N/A |