Skip to main content

Webyast

3 CVEs product

Monthly

CVE-2013-3709 HIGH POC This Week

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Suse Lifecycle Management Server Studio Onsite Webyast
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-4547 HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server Studio Onsite Webyast +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
90.9%
Threat
5.7
CVE-2012-0435 MEDIUM This Month

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Webyast
NVD
CVSS 2.0
5.8
EPSS
0.7%
EPSS 0% CVSS 7.2
HIGH POC This Week

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Suse Lifecycle Management Server Studio Onsite +1
NVD GitHub
EPSS 91% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server +3
NVD Exploit-DB
EPSS 1% CVSS 5.8
MEDIUM This Month

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Webyast
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy