Vulnerabilities > Suse > Studio Onsite > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2017-14807 | SQL Injection vulnerability in Suse Studio Onsite and Susestudio-Ui-Server An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. | 8.1 |
| 2018-06-07 | CVE-2011-0467 | SQL Injection vulnerability in Suse Studio Onsite and Studio Onsite Appliance A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. | 8.8 |
| 2017-03-20 | CVE-2014-9846 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | 7.5 |
| 2014-04-16 | CVE-2011-4195 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. | 7.5 |
| 2014-04-16 | CVE-2011-4192 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" | 7.5 |
| 2014-04-16 | CVE-2011-3180 | Unspecified vulnerability in Suse Kiwi, Studio Extension for System Z and Studio Onsite kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. | 7.5 |
| 2013-12-23 | CVE-2013-3709 | Permissions, Privileges, and Access Controls vulnerability in multiple products WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. | 7.2 |
| 2013-11-23 | CVE-2013-4547 | Improper Encoding or Escaping of Output vulnerability in multiple products nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | 7.5 |