Vulnerabilities in SUSE Studio Onsite

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-26 | CVE-2016-0718 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | 9.8 |
2014-04-16 | CVE-2011-4195 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite: kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | 7.5 |
2014-04-16 | CVE-2011-4193 | Cross-Site Scripting vulnerability in Suse Studio Extension for System Z and Studio Onsite: Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. | 4.3 |
2014-04-16 | CVE-2011-4192 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite: kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" | 7.5 |
2014-04-16 | CVE-2011-3180 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite: kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | 7.5 |
2014-02-26 | CVE-2013-3712 | Cryptographic Issues vulnerability in Suse Studio Extension for System Z and Studio Onsite: SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. | 10.0 |
2013-12-23 | CVE-2013-3709 | Permissions, Privileges, and Access Controls vulnerability in multiple products: WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | 7.2 |
2013-11-23 | CVE-2013-4547 | Improper Encoding or Escaping of Output vulnerability in multiple products: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | 7.5 |
2011-12-08 | CVE-2011-4315 | Out-of-bounds Write vulnerability in multiple products: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. | 6.8 |