Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2014-04-16 CVE-2011-4193 Cross-Site Scripting vulnerability in SUSE Studio Extension for System z and Studio Onsite
Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.
network
suse CWE-79
4.3
2014-04-16 CVE-2011-4192 Unspecified vulnerability in SUSE Kiwi, Studio Extension for System z and Studio Onsite
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile." Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
network
low complexity
suse
7.5
2014-04-16 CVE-2011-4089 Permissions, Privileges, and Access Controls vulnerability in Bzip Bzip2
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
local
low complexity
bzip CWE-264
4.6
2014-04-16 CVE-2011-3180 Unspecified vulnerability in SUSE Kiwi, Studio Extension for System z and Studio Onsite
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.
network
low complexity
suse
7.5
2014-04-16 CVE-2011-0993 Permissions, Privileges, and Access Controls vulnerability in Novell SUSE Lifecycle Management Server 1.0
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
novell CWE-264
2.1
2014-04-16 CVE-2011-0460 Link Following vulnerability in multiple products
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.
6.3
2014-04-16 CVE-2014-2471 Remote Security vulnerability in Oracle iLearning 6.0/6.1
Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.
network
oracle
4.3
2014-04-16 CVE-2014-2470 Remote Security vulnerability in Oracle WebLogic Server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security.
network
low complexity
oracle
7.5
2014-04-16 CVE-2014-2468 Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-4230.
network
oracle
4.3
2014-04-16 CVE-2014-2467 Remote Security vulnerability in Oracle Supply Chain Products Suite 9.3.3
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445.
network
oracle
3.5