CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-3709
https://notcve.org/view.php?id=CVE-2013-3709
23 Dec 2013 — WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file. WebYaST v1.3 usa permisos débiles en config/initializers/secret_token.rb, lo que permite a usuarios locales obtener privilegios mediante la lectura del token secreto de Rails de este archivo. • http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-7042
https://notcve.org/view.php?id=CVE-2013-7042
10 Dec 2013 — SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. SUSE Lifecycle Management Server (SLMS) anterior a la versión 1.3.7 utiliza permisos world-readable para claves secretas, lo que permite a usuarios locales obtener privilegios a través de vectores sin especificar. • http://osvdb.org/100652 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2013-3710
https://notcve.org/view.php?id=CVE-2013-3710
10 Dec 2013 — SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere. SUSE Lifecycle Management Server (SLMS) anteriores a 1.3.7 no genera una nueva clave secreta cuando el servicio arranca, lo que permite a atacantes remotos evadir mecanismos de proteccion criptográfica aprovechando el conocimiento de esta ... • http://osvdb.org/100653 • CWE-310: Cryptographic Issues •