Vulnerabilities > Suse > Webyast > High

DATE CVE VULNERABILITY TITLE RISK
2013-12-23 CVE-2013-3709 Permissions, Privileges, and Access Controls vulnerability in multiple products
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
local
low complexity
novell suse CWE-264
7.2
2013-11-23 CVE-2013-4547 Improper Encoding or Escaping of Output vulnerability in multiple products
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
network
low complexity
f5 suse opensuse CWE-116
7.5