Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail Branch Server

Description: This update fixes the following issues: mgr-daemon: Version 4.3.12-0: Updated translation strings proxy-helm: Version 4.3.17: Chart rebuilt to the newest version with updated dependencies for SUSE Manager 4.3.16 proxy-httpd-image: Version 4.3.18: Image rebuilt to the newest version...

CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

SUSE CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

PT-2022-37537 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 4.2.44-1 and earlier spacewalk-web versions 4.2.31-1 and earlier Description: The issue concerns the disclosure of the Proxy password in the browser console log. This problem is resolved by updating the affected...

Path traversal

A Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...

Cross-site Scripting (XSS)

spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as a remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface...

Cross-site Scripting (XSS)

spacewalk-web is vulnerable to cross-site scripting XSS. The vulnerability exists as multiple cross-site scripting XSS flaws were found in the RHN Satellite web interface. A remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web...

Open Redirect

spacewalk-web is vulnerable to open redirect. The vulnerability exists as a remote attacker able to trick a victim to open the login page using a specially-crafted link could redirect the victim to an arbitrary page after they successfully log in...

Multiple Cross-site Scripting (XSS)

Spacewalk Web-UI and Red Hat Satellite 5.7 is vulnerable to cross-site scripting XSS attacks. The vulnerability exists because it does not properly sanitize parameters in systems/SystemEntitlements.do; and admin/multiorg/EntitlementDetails.do, allowing the attacker to inject arbitrary script...

RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...