CVE-2011-0993
- EPSS 0.13%
- Published 16.04.2014 18:37:09
- Last modified 12.04.2025 10:46:40
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-3709
- EPSS 0.03%
- Published 23.12.2013 23:55:04
- Last modified 11.04.2025 00:51:21
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
CVE-2013-3710
- EPSS 1.42%
- Published 10.12.2013 16:55:25
- Last modified 11.04.2025 00:51:21
SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product i...
CVE-2013-7042
- EPSS 0.12%
- Published 10.12.2013 16:55:25
- Last modified 11.04.2025 00:51:21
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
CVE-2010-1325
- EPSS 0.14%
- Published 03.09.2010 20:00:01
- Last modified 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors relat...