Lucene search
K
SuseStudio Extension For System Z

5 matches found

CVE
CVE
added 2014/04/16 6:0 p.m.52 views

CVE-2011-4195

CVE-2011-4195 affects kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. An attacker can execute arbitrary commands via shell metacharacters in an image name. Impact: arbitrary command execution with network-accessible cont...

7.5CVSS7.8AI score0.01877EPSS
CVE
CVE
added 2014/02/26 3:0 p.m.49 views

CVE-2013-3712

CVE-2013-3712 affects SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3, which use static secret tokens. The material states the impact and attack vectors as unspecified in the description; no concrete exploitation details, affected component versions, root cause sp...

10CVSS6.8AI score0.01366EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.48 views

CVE-2011-3180

Kiwi before 4.98.08, used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown. Root cause: untrusted path handling in Kiwi leads to ...

7.5CVSS7.7AI score0.02578EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.47 views

CVE-2011-4193

CVE-2011-4193 describes a Cross-site scripting (XSS) flaw in the overlay files tab of SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to...

4.3CVSS5.8AI score0.00942EPSS
CVE
CVE
added 2014/04/16 6:0 p.m.45 views

CVE-2011-4192

CVE-2011-4192 affects kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The issue allows attackers to execute arbitrary commands, demonstrated by "double quotes in kiwi_oemtitle of .profile." The connected documents corrobo...

7.5CVSS7.7AI score0.01498EPSS