NotCVE - vendor:"Suse" product:"Studio Onsite"

22 results (0.004 seconds)

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-14807 – SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite

https://notcve.org/view.php?id=CVE-2017-14807

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions. Una Neutralización Inapropiada de Elementos Especiales utilizados en una vulnerabilidad de Comando SQL ("SQL Injection") en susestudio-ui-server de SUSE Studio onsite, permite a atacantes remotos con privilegios de administrador en Studio alterar las sentencias SQL, permitiendo una extracción y modificación de datos. Este problema afecta a: susestudio-ui-server de SUSE Studio onsite versión 1.3.17-56.6.3 y anteriores. • https://bugzilla.suse.com/show_bug.cgi?id=1065396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-14806 – Insecure handling of repodata and packages in SUSE Studio onlite

https://notcve.org/view.php?id=CVE-2017-14806

A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. Una vulnerabilidad de Comprobación de Certificado Inapropiada en susestudio-common de SUSE Studio onsite, permite a atacantes remotos conexiones de tipo MITM hacia los repositorios, lo que permite la modificación de los paquetes recibidos por medio de estas conexiones. Este problema afecta a: susestudio-common de SUSE Studio onsite versión 1.3.17-56.6.3 y anteriores. • https://bugzilla.suse.com/show_bug.cgi?id=1065397 • CWE-295: Improper Certificate Validation •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2011-0467 – SQL injection in SUSE studio via select parameter

https://notcve.org/view.php?id=CVE-2011-0467

A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. Una vulnerabilidad en la lista de software disponible de SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance permite a los usuarios autenticados ejecutar sentencias SQL arbitrarias mediante inyección SQL. Las versiones afectadas son SUSE Studio Onsite: versiones anteriores a la versión 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versiones anteriores a la versión 1.1.2-0.25.1. • https://bugzilla.suse.com/show_bug.cgi?id=675039 https://www.suse.com/security/cve/CVE-2011-0467 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.5EPSS: 1%CPEs: 16EXPL: 0

CVE-2014-9845

https://notcve.org/view.php?id=CVE-2014-9845

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. La función ReadDIBImage en coders/dib.c en ImageMagick permite a atacantes provocar una denegación de servicio (caída) a través de un archivo dib corrompido. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0

CVE-2014-9844

https://notcve.org/view.php?id=CVE-2014-9844

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. La función ReadRLEImage en coders/rle.c en ImageMagick 6.8.9.9 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo de imagen manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00018.html http://www.openwall.com/lists/oss-security/2016/06/02 • CWE-125: Out-of-bounds Read •

1 2 3 4 5