Studio Onsite Security Vulnerabilities and Issues — Studio Onsite CVE List

Lucene search

SuseStudio Onsite

5 matches found

CVE•added 2013/11/23 6:55 p.m.•414 views

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

7.5CVSS9.2AI score0.93651EPSS

CVE•added 2014/04/16 6:37 p.m.•38 views

CVE-2011-4195

kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.

7.5CVSS7.8AI score0.01317EPSS

CVE•added 2013/12/23 11:55 p.m.•37 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

7.2CVSS6.3AI score0.00028EPSS

CVE•added 2014/04/16 6:37 p.m.•32 views

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

7.5CVSS7.7AI score0.01486EPSS

CVE•added 2014/04/16 6:37 p.m.•31 views

CVE-2011-4192

kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

7.5CVSS7.7AI score0.00499EPSS