cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2016-0376,https://securityvulnerability.io/vulnerability/CVE-2016-0376,,"The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.",Novell,"Suse Manager,Suse Linux Enterprise Server,Suse Manager Proxy,Suse Linux Enterprise Module For Legacy Software,Suse Openstack Cloud,Suse Linux Enterprise Software Development Kit",8.1,HIGH,0.2616499960422516,false,false,false,false,,false,false,2016-06-03T14:00:00.000Z,0
CVE-2011-0993,https://securityvulnerability.io/vulnerability/CVE-2011-0993,,"SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.",Novell,Suse Lifecycle Management Server,,,0.0005000000237487257,false,false,false,false,,false,false,2014-04-16T18:00:00.000Z,0
CVE-2013-3710,https://securityvulnerability.io/vulnerability/CVE-2013-3710,,"SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product installation elsewhere.",Novell,Suse Lifecycle Management Server,,,0.004639999940991402,false,false,false,false,,false,false,2013-12-10T15:00:00.000Z,0
CVE-2013-7042,https://securityvulnerability.io/vulnerability/CVE-2013-7042,,"SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.",Novell,Suse Lifecycle Management Server,,,0.0005000000237487257,false,false,false,false,,false,false,2013-12-10T15:00:00.000Z,0
CVE-2012-0414,https://securityvulnerability.io/vulnerability/CVE-2012-0414,,Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name.,Novell,Suse Manager,,,0.02012999914586544,false,false,false,false,,false,false,2013-12-02T02:00:00.000Z,0
CVE-2010-1325,https://securityvulnerability.io/vulnerability/CVE-2010-1325,,"Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting.  NOTE: some sources report that this is a vulnerability in a product named ""Apache SLMS,"" but that is incorrect.",Novell,Suse Lifecycle Management Server,,,0.0011599999852478504,false,false,false,false,,false,false,2010-09-03T19:00:00.000Z,0