Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Suse Lifecycle Management Server Security Vulnerabilities - 2013

cve
cve

CVE-2013-3709

WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.

6.3AI Score

0.0005EPSS

2013-12-23 11:55 PM
27
cve
cve

CVE-2013-3710

SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.

6.8AI Score

0.005EPSS

2013-12-10 04:55 PM
22
cve
cve

CVE-2013-7042

SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.

6.8AI Score

0.001EPSS

2013-12-10 04:55 PM
31