Novell Suse Lifecycle Management Server — known CVE vulnerabilities
Every CVE whose affected-product data names Novell Suse Lifecycle Management Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2013-3709 — CVSS 7.2 (high): WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails…
CVE-2013-7042 — CVSS 4.6 (medium): SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain…
CVE-2010-1325 — CVSS 4.3 (medium): Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux…
CVE-2013-3710 — CVSS 4.3 (medium): SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote…
CVE-2011-0993 — CVSS 2.1 (low): SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive…