PT-2022-20637 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. Description: An Observable Response Discrepancy issue in spacewalk-java of SUSE Manager Server allows remote...
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
CVE-2022-31248
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
PT-2022-15201 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. Description: A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows...
CVE-2021-40348
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append a Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
Code injection
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append a Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation...
CVE-2021-40348
CVE-2021-40348 affects Spacewalk 2.10 and derivatives (Uyuni 2021.08) due to an unsanitized configuration filename in rhn-config-satellite.pl, enabling potential code injection when the Spacewalk-specific key/value is appended and the script runs as root via sudo. Concrete details from multiple c...
SUSE: Security Advisory (SUSE-SU-2021:14833-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Spacewalk Code Injection Vulnerability
Spacewalk is an open source Linux system administration solution. Spacewalk 2.10 suffers from a code injection vulnerability. No information about this vulnerability is available at this time; please stay tuned to CNNVD or vendor announcements...
PT-2021-22868 · Suse +1 · Uyuni +2
Name of the Vulnerable Software and Affected Versions: Spacewalk version 2.10; Uyuni version 2021.08; Uyuni spacewalk-admin versions prior to 4.3.2-1. Description: The issue allows code injection due to the lack of sanitization of the configuration filename used by the rhn-config-satellite.pl script...
Security update for SUSE Manager Client Tools (moderate)
openSUSE Security Update: Security update for SUSE Manager Client Tools Announcement ID: openSUSE-SU-2021:2675-1 Rating: moderate References: 1175478 1186242 1186508 1186581 1186650 1188846 SLE-18254 Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVE-2021-29622 CVSS...
SUSE: Security Advisory (SUSE-SU-2021:14753-1)
The remote host is missing an update for the...
SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2019:14163-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2019:14163-1 advisory. - It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired,...
SUSE: Security Advisory (SUSE-SU-2020:14570-1)
The remote host is missing an update for the...
SUSE-SU-2020:3781-1 Security update for SUSE Manager Server 4.1
This update fixes the following issues: image-sync-formula: - Send imagesynced event to master postgresql-jdbc: - Address CVE-2020-13692 bsc1172079 pxe-yomi-image-sle15: - Update config.sh based on last JeOS template - Update JEOSLOCALE to enUS.UTF-8 - Support configurlname for user provided...
SUSE Access Control Error Vulnerability
SUSE Manager is a Linux server management system from SUSE Germany. The system provides automated software management, system configuration and monitoring. Spacewalk is an open source Linux system management solution. An access control error vulnerability exists in SUSE. The vulnerability arises...
CVE-2020-8028 salt-api is accessible to every user on SUSE Manager Server
An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system...
The vulnerability of the /rpc/api component of the Red Hat Spacewalk system management software allows an attacker to disclose sensitive information, cause service failures, or execute arbitrary code.
The vulnerability of the /rpc/api component of the Red Hat Spacewalk software suite relates to improper restriction of XML external entity references. Exploitation of this vulnerability could allow a malicious actor to disclose sensitive information, cause service failures, or execute arbitrary...