
122 matches found

OSV
added 2025/04/18 1:50 p.m. · 4 views

OESA-2025-1442 mod_auth_openidc security update

This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party (RP) to an OpenID Connect Provider (OP). Security Fixes: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Par...

8.2 CVSS · 7 AI score · 0.00542 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/01/20 12:0 a.m. · 4 views

PT-2025-1197 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: This issue allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this issue. Th...

8.5 CVSS · 7 AI score · 0.00811 EPSS
Exploits 0 · References 7
NVD
added 2024/11/28 10:15 a.m. · 12 views

CVE-2024-49503

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before...

4.6 CVSS · 0.00271 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/28 9:26 a.m. · 12 views

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

4.6 CVSS · 6.8 AI score · 0.00271 EPSS
Exploits 0 · References 1
CVE
added 2024/11/28 9:26 a.m. · 46 views

CVE-2024-49502

CVE-2024-49502 is a cross-site scripting vulnerability in the Setup Wizard, HTTP Proxy credentials pane of spacewalk-web. It affects SUSE Manager Server 4.3 (and related Spacewalk components) prior to versions updated by SUSE-SU-2024:4007-1, specifically before 4.3.42-150400.3.52.1 for the 4.3 li...

4.6 CVSS · 4 AI score · 0.00271 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/28 9:26 a.m. · 14 views

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

4.6 CVSS · 0.00271 EPSS
Exploits 0 · References 1
Cvelist
added 2024/11/28 9:20 a.m. · 14 views

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before...

4.6 CVSS · 0.00271 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/11/28 9:20 a.m. · 10 views

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before...

4.6 CVSS · 7.5 AI score · 0.00271 EPSS
Exploits 0 · References 1
CVE
added 2024/11/28 9:20 a.m. · 49 views

CVE-2024-49503

CVE-2024-49503 is a cross-site scripting (XSS) vulnerability due to improper input neutralization in the SUSE Manager web UI, specifically the Organization Credentials sub page. Affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 before 5.0.15-150600.3.10.2 and SUSE Manager Server Module...

4.6 CVSS · 4.4 AI score · 0.00271 EPSS
Exploits 0 · References 1
SUSE CVE
added 2024/11/19 3:51 a.m. · 3 views

SUSE CVE-2024-49503

An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before...

3.5 CVSS · 7 AI score · 0.00271 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/11/18 12:0 a.m. · 5 views

PT-2024-33539 · Suse · Suse/Manager/5.0/X86 64/Server +2

Name of the Vulnerable Software and Affected Versions: SUSE Manager Server Module versions prior to 4.3.42-150400.3.52.1 Container suse/manager/5.0/x86 64/server versions prior to 5.0.15-150600.3.10.2 Description: A Cross-site Scripting (XSS) issue allows attackers to execute JavaScript code in the...

9.8 CVSS · 6.4 AI score · 0.03948 EPSS
Exploits 6 · References 125
CNNVD
added 2024/08/01 12:0 a.m. · 4 views

Dell iDRAC Service Module Security Vulnerability

The Dell iDRAC Service Module is a lightweight software module from Dell USA designed to run on Dell PowerEdge servers to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller). An out-of-bounds write vulnerability exists in Dell iDRAC Service Module 5.3.0.0 and earlier...

4.8 CVSS · 7.5 AI score · 0.00158 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/04/16 12:0 a.m. · 3 views

PT-2024-18089 · Unknown · Electrolink Fm/Dab/Tv Transmitter

Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter affected versions not specified Description: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides ...

8.7 CVSS · 7.4 AI score · 0.00553 EPSS
Exploits 1 · References 5
OSV
added 2024/01/31 3:22 p.m. · 17 views

BIT-LIFERAY-2021-38263

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script...

6.1 CVSS · 6 AI score · 0.01096 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/12/15 12:0 a.m. · 40 views

SUSE SLES15: apache2-mod_wsgi / billing-data-service / inter-server-sync / etc (SUSE-SU-2023:4737-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4737-1 advisory. billing-data-service: - Version 4.3.2-1 Relax dependency to csp-billing-adapter-service inter-server-sync: - Version 0.3.1 Require at least Go 1.20 for...

9.4 CVSS · 6.8 AI score · 0.00452 EPSS
Exploits 0 · References 34
NVD
added 2023/09/20 9:15 a.m. · 28 views

CVE-2023-22644

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...

9.4 CVSS · 4.5 AI score · 0.00452 EPSS
Exploits 0 · References 3
Prion
added 2023/09/20 9:15 a.m. · 23 views

Code injection

An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5;...

1.7 CVSS · 5.3 AI score · 0.00452 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/09/20 12:0 a.m. · 4 views

SUSE Manager Log Information Disclosure Vulnerability

SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. A log information disclosure vulnerability exists in SUSE Manager Server Module versions prior to 4.2 4.2.50-150300.3.66.5, 4.3...

9.4 CVSS · 6.1 AI score · 0.00461 EPSS
Exploits 0 · References 4
OSV
added 2023/09/07 8:15 a.m. · 4 views

CVE-2023-39238

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

7.2 CVSS · 6 AI score · 0.01187 EPSS
Exploits 0 · References 1
OSV
added 2023/07/13 2:43 p.m. · 3 views

CLSA-2023-1689259392 Fix CVE(s): CVE-2021-28861

SECURITY UPDATE: Redirection vulnerability in http.server - debian/patches/CVE-2021-28861.patch: Fix an open redirection vulnerability in the http.server module when an URI path starts with // - debian/patches/expat-regression.patch: some tests were fixed - CVE-2021-28861...

7.4 CVSS · 6.9 AI score · 0.0199 EPSS
Exploits 0 · References 1