13 matches found
CVE-2025-46809
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x8664/proxy-httpd:5.0.5.7.23.1: from ? befor...
CVE-2025-23392
A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; Container...
CVE-2025-23392
CVE-2025-23392 is a spacewalk-java XSS vulnerability (Improper Neutralization of Script-Related HTML Tags). Affects SUSE Manager components including Spacewalk/Spacewalk-Java modules and SUSE Manager Server Module 4.3; targeted versions listed as before 5.0.24-150600.3.25.1 for several containers...
CVE-2024-49503
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...
CVE-2024-49502
CVE-2024-49502 is a cross-site scripting vulnerability in the Setup Wizard, HTTP Proxy credentials pane of spacewalk-web. It affects SUSE Manager Server 4.3 (and related Spacewalk components) prior to versions updated by SUSE-SU-2024:4007-1, specifically before 4.3.42-150400.3.52.1 for the 4.3 li...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49502 Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...
CVE-2024-49503
CVE-2024-49503 is a cross-site scripting (XSS) vulnerability due to improper input neutralization in the SUSE Manager web UI, specifically the Organization Credentials sub page. Affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 before 5.0.15-150600.3.10.2 and SUSE Manager Server Module...
CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...
CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web
A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...
SUSE SLES15 Security Update : SUSE Manager Server 4.3 (SUSE-SU-2023:4737-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:4737-1 advisory. - An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server...
CVE-2023-22644
A user can reverse engineer the JWT token JSON Web Token used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE...
Code injection
An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5;...