Suse Webyast vulnerabilities
4 known vulnerabilities affecting suse/webyast.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2013-3709HIGHCVSS 7.2v1.32013-12-23
CVE-2013-3709 [HIGH] CWE-264 CVE-2013-3709: WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
nvd
CVE-2013-4547HIGHCVSS 7.5PoCv1.32013-11-23
CVE-2013-4547 [HIGH] CWE-116 CVE-2013-4547: nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restric
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
nvd
CVE-2012-0435MEDIUMCVSS 5.8v1.22013-01-26
CVE-2012-0435 [MEDIUM] CVE-2012-0435: SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequen
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
nvd
CVE-2011-4315MEDIUMCVSS 6.8v1.22011-12-08
CVE-2011-4315 [MEDIUM] CWE-787 CVE-2011-4315: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before
Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
nvd