Summary
| Detail | |||
|---|---|---|---|
| Vendor | Suse | First view | 2011-12-08 |
| Product | Studio Onsite | Last view | 2020-01-27 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.1 | 2020-01-27 | CVE-2017-14807 | An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. |
| 5.9 | 2020-01-27 | CVE-2017-14806 | A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. |
| 8.8 | 2018-06-07 | CVE-2011-0467 | A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. |
| 9.8 | 2017-03-20 | CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. |
| 5.5 | 2017-03-20 | CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. |
| 5.5 | 2017-03-20 | CVE-2014-9844 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. |
| 5.5 | 2017-02-03 | CVE-2016-2318 | GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c. |
| 5.5 | 2017-02-03 | CVE-2016-2317 | Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c. |
| 5.5 | 2016-07-13 | CVE-2015-8808 | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. |
| 9.8 | 2016-06-10 | CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. |
| 9.8 | 2016-05-26 | CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
| 6.8 | 2015-07-22 | CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. |
| 7.5 | 2014-04-16 | CVE-2011-4195 | kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name. |
| 4.3 | 2014-04-16 | CVE-2011-4193 | Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning. |
| 7.5 | 2014-04-16 | CVE-2011-4192 | kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." |
| 7.5 | 2014-04-16 | CVE-2011-3180 | kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. |
| 10 | 2014-02-26 | CVE-2013-3712 | SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. |
| 7.2 | 2013-12-23 | CVE-2013-3709 | WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. |
| 7.5 | 2013-11-23 | CVE-2013-4547 | nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. |
| 6.8 | 2011-12-08 | CVE-2011-4315 | Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (5) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 6% (1) | CWE-787 | Out-of-bounds Write |
| 6% (1) | CWE-476 | NULL Pointer Dereference |
| 6% (1) | CWE-310 | Cryptographic Issues |
| 6% (1) | CWE-295 | Certificate Issues |
| 6% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 6% (1) | CWE-190 | Integer Overflow or Wraparound |
| 6% (1) | CWE-125 | Out-of-bounds Read |
| 6% (1) | CWE-116 | Improper Encoding or Escaping of Output |
| 6% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:20055 | DSA-2802-1 nginx - restriction bypass |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77762 | Kiwi kiwi_oemtitle .profile Double Quote Parsing Remote Shell Command Execution |
| 77761 | Kiwi Overlay Files Tab Appliance Cloning XSS |
| 77760 | Kiwi Image Name Parsing Remote Shell Command Execution |
| 77759 | Kiwi Overlay File Path chown Command Line Remote Shell Command Execution |
| 77184 | nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote... |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-08-02 | Name : SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx) File : nvt/gb_suse_2012_0237_1.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-22 (nginx) File : nvt/glsa_201203_22.nasl |
| 2012-04-02 | Name : Fedora Update for nginx FEDORA-2011-16075 File : nvt/gb_fedora_2011_16075_nginx_fc16.nasl |
| 2011-12-09 | Name : Fedora Update for nginx FEDORA-2011-16110 File : nvt/gb_fedora_2011_16110_nginx_fc15.nasl |
| 2011-11-21 | Name : nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability File : nvt/gb_nginx_50710.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39097 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39096 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39095 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39094 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39093 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39092 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39091 - Type : FILE-IMAGE - Revision : 2 |
| 2016-07-01 | ImageMagick and GraphicsMagick OpenBlob command injection attempt RuleID : 39090 - Type : FILE-IMAGE - Revision : 2 |
| 2015-03-31 | nginx URI processing security bypass attempt RuleID : 33581 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO |
| 2018-08-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_e714b7d239f649929f48e6b2f5f949df.nasl - Type: ACT_GATHER_INFO |
| 2018-05-07 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-124-01.nasl - Type: ACT_GATHER_INFO |
| 2018-05-07 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type: ACT_GATHER_INFO |
| 2017-10-12 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_9164f51eae2011e7a633009c02a2ab30.nasl - Type: ACT_GATHER_INFO |
| 2017-09-25 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-266-02.nasl - Type: ACT_GATHER_INFO |
| 2017-09-19 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL52320548.nasl - Type: ACT_GATHER_INFO |
| 2017-06-20 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1599-1.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: An application running on the remote host is affected by multiple vulnerabili... File: itunes_12_6_banner.nasl - Type: ACT_GATHER_INFO |
| 2017-05-08 | Name: The remote host contains an application that is affected by multiple vulnerab... File: macos_itunes_12_6.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2016-1029.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing a security update. File: EulerOS_SA-2017-1002.nasl - Type: ACT_GATHER_INFO |
| 2017-03-01 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL50459349.nasl - Type: ACT_GATHER_INFO |
| 2017-01-12 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-21.nasl - Type: ACT_GATHER_INFO |
| 2017-01-06 | Name: A vulnerability scanner installed on the remote host is affected by multiple ... File: pvs_5_2_0.nasl - Type: ACT_GATHER_INFO |
| 2016-12-27 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2016-359-01.nasl - Type: ACT_GATHER_INFO |
| 2016-12-27 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3746.nasl - Type: ACT_GATHER_INFO |
| 2016-12-16 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-775.nasl - Type: ACT_GATHER_INFO |
| 2016-12-15 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20161128_expat_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2016-12-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1430.nasl - Type: ACT_GATHER_INFO |
| 2016-11-29 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2016-2824.nasl - Type: ACT_GATHER_INFO |
| 2016-11-29 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2016-2824.nasl - Type: ACT_GATHER_INFO |
| 2016-11-29 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2016-0168.nasl - Type: ACT_GATHER_INFO |
| 2016-11-29 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-2824.nasl - Type: ACT_GATHER_INFO |
