VYPR

rpm package

suse/release-notes-susemanager&distro=SUSE Manager Server LTS 4.3

pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%20LTS%204.3

Vulnerabilities (9)

  • CVE-2025-58190 | Feb 5, 2026
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-47911 | Feb 5, 2026
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

  • CVE-2025-62349 | Med | Jan 30, 2026
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to p

  • CVE-2025-62348 | Hig | Jan 30, 2026
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.

  • CVE-2025-11065 | Med | Jan 26, 2026
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data process

  • CVE-2025-64751 | Nov 21, 2025
    affected < 4.3.16.2-150400.3.148.1 | fixed 4.3.16.2-150400.3.148.1

    OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.4.0 to v1.11.0 (openfga-0.1.34 <= Helm chart <= openfga-0.2.48, v.1.4.0 <= docker <= v.1.11.0) are vulnerable to improper policy enforcemen

  • CVE-2025-53883 | Cri | Oct 30, 2025
    affected < 4.3.16.1-150400.3.143.2 | fixed 4.3.16.1-150400.3.143.2

    An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary JavaScript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-15060

  • CVE-2025-53880 | Hig | Oct 30, 2025
    affected < 4.3.16.1-150400.3.143.2 | fixed 4.3.16.1-150400.3.143.2

    A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restr

  • CVE-2025-53192 | Aug 18, 2025
    affected < 4.3.16.1-150400.3.143.2 | fixed 4.3.16.1-150400.3.143.2

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression