392 matches found
CVE-2025-23393
CVE-2025-23393 is a reflected XSS in spacewalk-java. Affected: SUSE Manager 5.0 (Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1) and SUSE Manager Server Module 4.3 (before 4.3.85-150400.3.105.3). Root cause: improper sanitization of user input in the systems list page. Impact: potential ex...
CVE-2025-23393 Reflected XSS in spacewalk-java
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...
CVE-2025-23393 Reflected XSS in spacewalk-java
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...
PT-2025-22971 · Suse +1 · Suse Manager Server Module +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 5.0.4.7.19.1 through 5.0.24-150600.3.25.1 SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3 Description: A vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users'...
CVE-2025-23392
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...
CVE-2025-23392 Reflected XSS in SystemsController.java in spacewalk-java
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...
CVE-2025-23392
CVE-2025-23392 is a spacewalk-java XSS vulnerability (Improper Neutralization of Script-Related HTML Tags). Affects SUSE Manager components including Spacewalk/Spacewalk-Java modules and SUSE Manager Server Module 4.3; targeted versions listed as before 5.0.24-150600.3.25.1 for several containers...
CVE-2025-23392 Reflected XSS in SystemsController.java in spacewalk-java
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...
CVE-2012-0421
The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file...
SUSE CVE-2025-23392
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...
SUSE CVE-2025-23393
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...
PT-2025-22644 · Suse · Spacewalk-Java
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions prior to 4.3.85-150400.3.105.3 spacewalk-java versions prior to 5.0.24-150600.3.25.1 Description: A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows...
RHEL 6 : spacewalk-java (RHSA-2014:1184)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1184 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of...
SUSE SLES15 Security Update : SUSE Manager Proxy and Retail Branch Server 4.3 (SUSE-SU-2024:4006-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4006-1 advisory. cobbler: - Security issues fixed: CVE-2024-47533: Prevent privilege escalation from none to admin bsc1231332 - Other bugs fixed: Increase start...
CVE-2024-49502
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...
SUSE CVE-2024-49502
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Description: This update fixes the following issues: proxy-httpd-image: Version 5.0.8 Store Proxy FQDN in rhn.conf for auth token use bsc1230255 proxy-salt-broker-image: Version 5.0.8 Update for next release proxy-squid-image: Version 5.0.8 Update for next release proxy-ssh-image: Version 5.0.8...