Vulnerability Description
Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marcus Schafer | Kiwi | <= 3.74.1 |
| Novell | Suse Studio Onsite | 1.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
- http://support.novell.com/security/cve/CVE-2011-2651.html
- http://www.securityfocus.com/bid/49236
- https://bugzilla.novell.com/show_bug.cgi?id=702041
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69286
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00013.html
- http://support.novell.com/security/cve/CVE-2011-2651.html
- http://www.securityfocus.com/bid/49236
- https://bugzilla.novell.com/show_bug.cgi?id=702041
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69286
FAQ
What is CVE-2011-2651?
CVE-2011-2651 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in the file browser in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to execute arbitrary code via a crafted filename.
How severe is CVE-2011-2651?
CVE-2011-2651 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2651?
Check the references section above for vendor advisories and patch information. Affected products include: Marcus Schafer Kiwi, Novell Suse Studio Onsite.