Luci
by Red Hat
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3085 | | | 0.00 | — | 0.00 | | Jun 3, 2023 | A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the… |
| CVE-2014-3593 | | | 0.00 | — | 0.01 | | Oct 15, 2014 | Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. |
| CVE-2013-4482 | | | 0.00 | — | 0.00 | | Nov 23, 2013 | Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. |
| CVE-2013-4481 | | | 0.00 | — | 0.00 | | Nov 23, 2013 | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets." |
| CVE-2011-0720 | | | 0.00 | — | 0.03 | | Feb 3, 2011 | Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. |
| CVE-2010-3852 | | | 0.00 | — | 0.02 | | Nov 6, 2010 | The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. |