cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2017-14806,https://securityvulnerability.io/vulnerability/CVE-2017-14806,Insecure handling of repodata and packages in SUSE Studio onsite,"An Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions.",Suse,Studio Onsite,3.7,LOW,0.0013699999544769526,false,,false,false,false,,,false,false,,2020-01-27T00:00:00.000Z,0
CVE-2017-14807,https://securityvulnerability.io/vulnerability/CVE-2017-14807,SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite,"An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions.",Suse,Studio Onsite,8.1,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2020-01-27T00:00:00.000Z,0
CVE-2011-0467,https://securityvulnerability.io/vulnerability/CVE-2011-0467,SQL injection in SUSE studio via select parameter,"A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1.",Suse,"Suse Studio Onsite,Suse Studio Onsite 1.1 Appliance",8.8,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2018-06-07T21:29:00.000Z,0
CVE-2011-4195,https://securityvulnerability.io/vulnerability/CVE-2011-4195,,"kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.",Suse,"Studio Extension For System Z,Studio Onsite,Kiwi",,,0.006560000125318766,false,,false,false,false,,,false,false,,2014-04-16T18:00:00.000Z,0
CVE-2011-3180,https://securityvulnerability.io/vulnerability/CVE-2011-3180,,"kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.",Suse,"Studio Extension For System Z,Studio Onsite,Kiwi",,,0.006560000125318766,false,,false,false,false,,,false,false,,2014-04-16T18:00:00.000Z,0
CVE-2011-4192,https://securityvulnerability.io/vulnerability/CVE-2011-4192,,"kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by ""double quotes in kiwi_oemtitle of .profile.""",Suse,"Studio Extension For System Z,Kiwi,Studio Onsite",,,0.0019099999917671084,false,,false,false,false,,,false,false,,2014-04-16T18:00:00.000Z,0
CVE-2011-4193,https://securityvulnerability.io/vulnerability/CVE-2011-4193,,"Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.",Suse,"Studio Extension For System Z,Studio Onsite",,,0.0012600000482052565,false,,false,false,false,,,false,false,,2014-04-16T18:00:00.000Z,0
CVE-2013-3712,https://securityvulnerability.io/vulnerability/CVE-2013-3712,,"SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 use ""static"" secret tokens, which has unspecified impact and vectors.",Suse,"Studio Onsite,Studio Extension For System Z",,,0.0017099999822676182,false,,false,false,false,,,false,false,,2014-02-26T15:00:00.000Z,0
CVE-2013-3709,https://securityvulnerability.io/vulnerability/CVE-2013-3709,,"WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.",Suse,"Studio Onsite,Suse Lifecycle Management Server,Webyast",,,0.0004600000102072954,false,,false,false,false,,,false,false,,2013-12-23T23:00:00.000Z,0