Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

suse studio onsite 1.3 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2013-3712
SUSE Studio Onsite 1.3.x prior to 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
Suse Studio Onsite 1.3Suse Studio Onsite 1.3.1Suse Studio Onsite 1.3.3Suse Studio Onsite 1.3.5Suse Studio Onsite 1.3.2Suse Studio Onsite 1.3.4Suse Studio Extension For System Z 1.3
NA
CVE-2013-3709
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
Suse Webyast 1.3Suse Studio Onsite 1.3Novell Suse Lifecycle Management Server 1.3
8.1
CVSSv3
CVE-2017-14807
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification ...
Suse Studio Onsite 1.3Suse Susestudio-ui-server
5.9
CVSSv3
CVE-2017-14806
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote malicious users to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite suse...
Suse Studio Onsite 1.3Suse Susestudio-ui-server
NA
CVE-2013-4547
nginx 0.8.41 up to and including 1.4.3 and 1.5.x prior to 1.5.7 allows remote malicious users to bypass intended restrictions via an unescaped space character in a URI.
F5 NginxSuse Lifecycle Management Server 1.3Suse Studio Onsite 1.3Suse Webyast 1.3Opensuse Opensuse 11.4Opensuse Opensuse 12.2Opensuse Opensuse 12.3Opensuse Opensuse 13.1
5.5
CVSSv3
CVE-2015-8808
The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote malicious users to cause a denial of service (uninitialized memory access) via a crafted GIF file.
Graphicsmagick GraphicsmagickSuse Linux Enterprise Software Development Kit 11Suse Linux Enterprise Debuginfo 11Suse Studio Onsite 1.3Fedoraproject Fedora 22
5.5
CVSSv3
CVE-2016-2317
Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote malicious users to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function i...
Graphicsmagick Graphicsmagick 1.3.23Debian Debian Linux 8.0Suse Studio Onsite 1.3Suse Linux Enterprise Software Development Kit 11Opensuse Leap 42.1Suse Linux Enterprise Debuginfo 11Opensuse Opensuse 13.2
5.5
CVSSv3
CVE-2016-2318
GraphicsMagick 1.3.23 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/rend...
Graphicsmagick Graphicsmagick 1.3.23Debian Debian Linux 8.0Opensuse Opensuse 13.2Suse Studio Onsite 1.3Suse Linux Enterprise Software Development Kit 11Suse Linux Enterprise Debuginfo 11Opensuse Leap 42.1
9.8
CVSSv3
CVE-2016-0718
Expat allows context-dependent malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Mozilla FirefoxApple Mac Os XSuse Linux Enterprise Server 11Suse Studio Onsite 1.3Suse Linux Enterprise Software Development Kit 11Suse Linux Enterprise Debuginfo 11Opensuse Leap 42.1Suse Linux Enterprise Software Development Kit 12Suse Linux Enterprise Server 12Suse Linux Enterprise Desktop 12Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Libexpat Project LibexpatDebian Debian Linux 8.0Opensuse Opensuse 13.1Opensuse Opensuse 13.2Mcafee Policy AuditorPython Python
5.5
CVSSv3
CVE-2014-9844
The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted image file.
Opensuse Project Suse Linux Enterprise Debuginfo 11.0Opensuse Project Suse Linux Enterprise Server 11.0Suse Studio Onsite 1.3Opensuse Project Suse Linux Enterprise Software Development Kit 11.0Opensuse Project Leap 42.1Opensuse Opensuse 13.2Opensuse Project Suse Linux Enterprise Desktop 12.0Opensuse Project Suse Linux Enterprise Server 12.0Opensuse Project Suse Linux Enterprise Software Development Kit 12.0Opensuse Project Suse Linux Enterprise Workstation Extension 12.0Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.10Imagemagick Imagemagick 6.8.8-9
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook