Scientificlinux Luci vulnerabilities
3 known vulnerabilities affecting scientificlinux/luci.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2014-3593MEDIUMCVSS 6.0v0.26.02014-10-15
CVE-2014-3593 [MEDIUM] CWE-94 CVE-2014-3593: Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissio
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
nvd
CVE-2013-4482MEDIUMCVSS 6.2v0.26.02013-11-23
CVE-2013-4482 [MEDIUM] CVE-2013-4482: Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
nvd
CVE-2013-4481LOWCVSS 1.9v0.26.02013-11-23
CVE-2013-4481 [LOW] CWE-362 CVE-2013-4481: Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions bef
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
nvd