Webyast Security Vulnerabilities and Issues — Webyast CVE List

Lucene search

SuseWebyast

4 matches found

CVE•added 2013/11/23 6:55 p.m.•414 views

CVE-2013-4547

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

7.5CVSS9.2AI score0.93651EPSS

CVE•added 2011/12/08 8:55 p.m.•92 views

CVE-2011-4315

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

6.8CVSS7.6AI score0.02811EPSS

CVE•added 2013/01/26 9:55 p.m.•48 views

CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.

5.8CVSS6.7AI score0.0069EPSS

CVE•added 2013/12/23 11:55 p.m.•37 views

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

7.2CVSS6.3AI score0.00028EPSS