12 matches found
CVE-2021-4034
Polkit pkexec (setuid) contains a local privilege escalation flaw where pkexec fails to validate the calling parameter count and may treat crafted environment variables as commands, enabling unprivileged users to execute arbitrary code with root privileges. This has been reported across multiple ...
CVE-2026-31431
CVE-2026-31431 is a local privilege escalation in the Linux kernel’s algif_aead/AF_ALG path. The root cause is an in-place operation bug in the AEAD handling, which can be exercised via AF_ALG sockets with the authencesn algorithm and splice() to corrupt the kernel page cache of readable files wi...
CVE-2023-29552
CVE-2023-29552 describes a DoS vulnerability in the Service Location Protocol (SLP) where an unauthenticated remote attacker can register arbitrary services, causing SLP server to respond with spoofed traffic and enabling large amplification (reported up to ~2,200x). Documented impacts include po...
CVE-2022-27239
CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...
CVE-2023-22644
CVE-2023-22644 describes a JWT authentication weakness in NeuVector where an attacker can reverse engineer the token used for Manager and API access to forge a valid NeuVector token, enabling malicious activity and potentially Remote Code Execution (RCE). Public details in the provided documents ...
CVE-2022-21952
CVE-2022-21952 is a Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1 and 4.2. The issue allows remote attackers to exhaust disk resources and trigger a Denial of Service. Affected are: SUSE Manager Server 4.1 spacewalk-java versions prior to ...
CVE-2014-3595
CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...
CVE-2022-31248
CVE-2022-31248 is a Spacewalk/spacewalk-java vulnerability in SUSE Manager Server 4.1 and 4.2 where an observable response discrepancy allows remote attackers to enumerate valid usernames. Affected: spacewalk-java before 4.1.46-1 on 4.1 and before 4.2.37-1 on 4.2. There are no exploit details in ...
CVE-2022-43754
CVE-2022-43754 describes an XSS vulnerability in spacewalk/Uyuni within the SUSE Manager Server ecosystem (SUSE Manager Server 4.2 and 4.3). The issue is caused by improper neutralization of input during web page generation, allowing remote attackers to embed Javascript via the path /rhn/audit/sc...
CVE-2014-3654
CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...
CVE-2022-31255
CVE-2022-31255 is a path traversal vulnerability affecting SUSE Manager Server components (spacewalk/Uyuni) in SUSE Manager Server 4.2 and 4.3. The issue permits remote attackers to read files accessible to the process user (typically tomcat) by exploiting improper restriction of pathnames to res...
CVE-2022-43753
CVE-2022-43753 is a path traversal vulnerability in spacewalk/Uyuni components of SUSE Manager Server 4.2 and 4.3. Public advisories indicate the issue allows a remote attacker to read files accessible to the process user (typically tomcat) via various Spacewalk/SUMA components (hub-xmlrpc-api, i...