Suse Studio_onsite
17 CVEs affecting Suse Studio_onsite. Latest disclosed: 2017-03-20. Critical: 3, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2014-9846 | Critical | 9.8 | 2017-03-20 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. |
| CVE-2016-5118 | Critical | 9.8 | 2016-06-10 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at t… |
| CVE-2016-0718 | Critical | 9.8 | 2016-05-26 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers… |
| CVE-2014-9845 | Medium | 5.5 | 2017-03-20 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. |
| CVE-2014-9844 | Medium | 5.5 | 2017-03-20 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image… |
| CVE-2016-2318 | Medium | 5.5 | 2017-02-03 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage func… |
| CVE-2016-2317 | Medium | 5.5 | 2017-02-03 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) Trace… |
| CVE-2015-8808 | Medium | 5.5 | 2016-07-13 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a craf… |
| CVE-2015-1283 | | | 2015-07-23 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote… |
| CVE-2011-4195 | | | 2014-04-16 | kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitr… |
| CVE-2011-4193 | | | 2014-04-16 | Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2… |
| CVE-2011-4192 | | | 2014-04-16 | kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitra… |
| CVE-2011-3180 | | | 2014-04-16 | kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitr… |
| CVE-2013-3712 | | | 2014-02-26 | SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. |
| CVE-2013-3709 | | | 2013-12-23 | WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from t… |
| CVE-2013-4547 | | | 2013-11-23 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. |
| CVE-2011-4315 | | | 2011-12-08 | Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service… |