Studio Extension For System Z Security Vulnerabilities and Issues — Studio Extension For System Z CVE List

Lucene search

SuseStudio Extension For System Z

5 matches found

CVE•added 2014/04/16 6:37 p.m.•38 views

CVE-2011-4195

kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

7.5CVSS7.8AI score0.01317EPSS

CVE•added 2014/02/26 3:55 p.m.•37 views

CVE-2013-3712

SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.

10CVSS6.8AI score0.00332EPSS

CVE•added 2014/04/16 6:37 p.m.•35 views

CVE-2011-4193

Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2014/04/16 6:37 p.m.•32 views

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

7.5CVSS7.7AI score0.01486EPSS

CVE•added 2014/04/16 6:37 p.m.•31 views

CVE-2011-4192

kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

7.5CVSS7.7AI score0.00499EPSS