SUSE CVE-2022-31248
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
PT-2022-37537 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 4.2.44-1 and earlier; spacewalk-web versions 4.2.31-1 and earlier. Description: The issue concerns the disclosure of the Proxy password in the browser console log. This problem is resolved by updating the affected...
Oracle Linux 7 : spacewalk-backend / spacewalk-java (ELSA-2022-10024)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10024 advisory. - Fix CVE-2022-43753 Orabug: 34814068 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
Path traversal
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...
SUSE-SU-2022:3880-1 Security update for spacewalk-java
This update for spacewalk-java fixes the following issues: - CVE-2022-31255: Fix directory path traversal vulnerability bsc1204543 - CVE-2022-43754: Fix reflected cross site scripting vulnerability bsc1204741 - CVE-2022-43753: Fix arbitrary file disclosure vulnerability bsc1204716...
PT-2022-20642 · Suse · Release-Notes-Susemanager +5
Name of the Vulnerable Software and Affected Versions: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28; SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39; SUSE Manager Server 4.2 release-notes-susemanager versions prio...
CVE-2022-31248
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
CVE-2022-21952
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
Design/Logic Flaw
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
CVE-2022-31248
CVE-2022-31248 is a Spacewalk/spacewalk-java vulnerability in SUSE Manager Server 4.1 and 4.2 where an observable response discrepancy allows remote attackers to enumerate valid usernames. Affected: spacewalk-java before 4.1.46-1 on 4.1 and before 4.2.37-1 on 4.2. There are no exploit details in ...
CVE-2022-21952
CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...
CVE-2022-21952 SUMA unauthenticated remote DoS via resource exhaustion
A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46...
SUSE-SU-2022:2144-1 Security update for SUSE Manager Server 4.2
This update fixes the following issues: inter-server-sync: - version 0.2.2 Parameter --channel-with-children didn't export data bsc1199089 Clean rhnchannelcloned table to rebuild hierarchy bsc1197400 - Version 0.2.1 Correct sequence in use for table rhnpackagekey bsc1197400 Make Docker image expor...
PT-2022-20637 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. Description: An Observable Response Discrepancy issue in spacewalk-java of SUSE Manager Server allows remote...
PT-2022-15201 · Suse · Suse Manager Server +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. Description: A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS). The vulnerability exists because a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...