Suse

Manager Server

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.7

CVE-2024-22037

  • EPSS 0.04%
  • Published 28.11.2024 10:15:06
  • Last modified 28.11.2024 10:15:06

The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users.

5.5

CVE-2023-22644

  • EPSS 0.04%
  • Published 20.09.2023 09:15:12
  • Last modified 21.11.2024 07:45:07

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

7.5

CVE-2023-29552

Warning Exploit
  • EPSS 93.54%
  • Published 25.04.2023 16:15:09
  • Last modified 27.03.2025 14:08:54

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification f...

4.3

CVE-2022-43753

Exploit
  • EPSS 0.12%
  • Published 10.11.2022 15:15:19
  • Last modified 21.11.2024 07:27:09

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Serv...

5.4

CVE-2022-43754

  • EPSS 0.08%
  • Published 10.11.2022 15:15:19
  • Last modified 21.11.2024 07:27:09

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manag...

4.3

CVE-2022-31255

  • EPSS 0.09%
  • Published 10.11.2022 15:15:13
  • Last modified 21.11.2024 07:04:13

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Ser...

5.3

CVE-2022-31248

Exploit
  • EPSS 0.19%
  • Published 22.06.2022 10:15:08
  • Last modified 21.11.2024 07:04:13

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4....

7.5

CVE-2022-21952

Exploit
  • EPSS 0.36%
  • Published 22.06.2022 10:15:07
  • Last modified 21.11.2024 06:45:46

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Ser...

7.8

CVE-2022-27239

  • EPSS 0.12%
  • Published 27.04.2022 14:15:09
  • Last modified 21.11.2024 06:55:28

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

7.8

CVE-2021-4034

Warning Exploit
  • EPSS 86.52%
  • Published 28.01.2022 20:15:12
  • Last modified 03.04.2025 18:53:12

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pk...