CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Novell 1Suse Lifecycle Management Server May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. |
2Novell Suse3Studio Onsite Suse Lifecycle Management ServerWebyastApr 29, 2026 Dec 23, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. |
1Novell 1Suse Lifecycle Management Server Apr 29, 2026 Dec 10, 2013 N/A· v4 N/A· v3 4.6 MEDIUM· v2 SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. |
1Novell 1Suse Lifecycle Management Server Apr 29, 2026 Dec 10, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledg...Show more |
1Novell 1Suse Lifecycle Management Server Apr 29, 2026 Sep 3, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspeci...Show more |