Vulnerabilities > Suse > Studio Onsite > 1.3

DATE CVE VULNERABILITY TITLE RISK
2014-02-26 CVE-2013-3712 Cryptographic Issues vulnerability in Suse Studio Extension for System Z and Studio Onsite
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
network
low complexity
suse CWE-310
critical
 10.0
10
2013-12-23 CVE-2013-3709 Permissions, Privileges, and Access Controls vulnerability in multiple products
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
local
low complexity
novell suse CWE-264
7.2
7.2
2013-11-23 CVE-2013-4547 Improper Encoding or Escaping of Output vulnerability in multiple products
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
network
low complexity
f5 suse opensuse CWE-116
7.5
7.5