Lucene search
K
SuseManager Server

12 matches found

CVE
CVE
added 2022/01/28 12:0 a.m.2223 views

CVE-2021-4034

Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...

7.8CVSS8.5AI score0.94921EPSS
In wild
CVE
CVE
added 2026/04/22 8:15 a.m.799 views

CVE-2026-31431

CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...

7.8CVSS5.6AI score0.96267EPSS
In wild
CVE
CVE
added 2023/04/25 12:0 a.m.438 views

CVE-2023-29552

CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...

7.5CVSS7.4AI score0.65873EPSS
In wild
CVE
CVE
added 2022/04/27 12:0 a.m.181 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00557EPSS
CVE
CVE
added 2023/09/20 8:12 a.m.98 views

CVE-2023-22644

CVE-2023-22644 describes a JWT authentication weakness in NeuVector where an attacker can reverse engineer the token used for Manager and API access to forge a valid NeuVector token, enabling malicious activity and potentially Remote Code Execution (RCE). Public details in the provided documents ...

9.4CVSS5.3AI score0.00452EPSS
CVE
CVE
added 2022/06/22 10:5 a.m.89 views

CVE-2022-21952

CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...

7.5CVSS7.6AI score0.01448EPSS
CVE
CVE
added 2014/09/22 3:0 p.m.75 views

CVE-2014-3595

CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2022/06/22 10:5 a.m.75 views

CVE-2022-31248

CVE-2022-31248 is a Spacewalk/spacewalk-java vulnerability in SUSE Manager Server 4.1 and 4.2 where an observable response discrepancy allows remote attackers to enumerate valid usernames. Affected: spacewalk-java before 4.1.46-1 on 4.1 and before 4.2.37-1 on 4.2. There are no exploit details in ...

5.3CVSS5.2AI score0.00961EPSS
CVE
CVE
added 2022/11/10 7:30 a.m.73 views

CVE-2022-43754

CVE-2022-43754 describes an XSS vulnerability in spacewalk/Uyuni within the SUSE Manager Server ecosystem (SUSE Manager Server 4.2 and 4.3). The issue is caused by improper neutralization of input during web page generation, allowing remote attackers to embed Javascript via the path /rhn/audit/sc...

5.4CVSS4.7AI score0.00382EPSS
CVE
CVE
added 2014/11/03 4:0 p.m.71 views

CVE-2014-3654

CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...

4.3CVSS5.7AI score0.01759EPSS
CVE
CVE
added 2022/11/10 7:30 a.m.65 views

CVE-2022-31255

CVE-2022-31255 is a path traversal vulnerability affecting SUSE Manager Server components (spacewalk/Uyuni) in SUSE Manager Server 4.2 and 4.3. The issue permits remote attackers to read files accessible to the process user (typically tomcat) by exploiting improper restriction of pathnames to res...

4.3CVSS4.6AI score0.0068EPSS
CVE
CVE
added 2022/11/10 7:30 a.m.64 views

CVE-2022-43753

CVE-2022-43753 is a path traversal vulnerability in spacewalk/Uyuni components of SUSE Manager Server 4.2 and 4.3. Public advisories indicate the issue allows a remote attacker to read files accessible to the process user (typically tomcat) via various Spacewalk/SUMA components (hub-xmlrpc-api, i...

4.3CVSS4.5AI score0.00733EPSS