rpm package
suse/saltboot-formula&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-49503 | Low | 3.5 | < 0.1.1723628891.ffb1da5-150400.3.18.4 | 0.1.1723628891.ffb1da5-150400.3.18.4 | Nov 28, 2024 | A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8. | |
| CVE-2024-49502 | Low | 3.5 | < 0.1.1723628891.ffb1da5-150400.3.18.4 | 0.1.1723628891.ffb1da5-150400.3.18.4 | Nov 28, 2024 | A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Containe | |
| CVE-2024-47533 | Cri | 9.8 | < 0.1.1723628891.ffb1da5-150400.3.18.4 | 0.1.1723628891.ffb1da5-150400.3.18.4 | Nov 18, 2024 | Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyon | |
| CVE-2023-32189 | Med | 5.9 | < 0.1.1701196218.b6b8ca1-150400.3.15.3 | 0.1.1701196218.b6b8ca1-150400.3.15.3 | Oct 16, 2024 | Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | |
| CVE-2023-31582 | — | < 0.1.1701196218.b6b8ca1-150400.3.15.3 | 0.1.1701196218.b6b8ca1-150400.3.15.3 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | ||
| CVE-2022-1415 | — | < 0.1.1673279145.e7616bd-150400.3.6.3 | 0.1.1673279145.e7616bd-150400.3.6.3 | Sep 11, 2023 | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | ||
| CVE-2023-29409 | — | < 0.1.1692188980.9aa0455-150400.3.12.13 | 0.1.1692188980.9aa0455-150400.3.12.13 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr | ||
| CVE-2021-41411 | — | < 0.1.1661440542.6cbe0da-150400.3.3.1 | 0.1.1661440542.6cbe0da-150400.3.3.1 | Jun 16, 2022 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | ||
| CVE-2022-0860 | — | < 0.1.1661440542.6cbe0da-150400.3.3.1 | 0.1.1661440542.6cbe0da-150400.3.3.1 | Mar 11, 2022 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. |
- affected < 0.1.1723628891.ffb1da5-150400.3.18.4fixed 0.1.1723628891.ffb1da5-150400.3.18.4
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.
- affected < 0.1.1723628891.ffb1da5-150400.3.18.4fixed 0.1.1723628891.ffb1da5-150400.3.18.4
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Containe
- affected < 0.1.1723628891.ffb1da5-150400.3.18.4fixed 0.1.1723628891.ffb1da5-150400.3.18.4
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyon
- affected < 0.1.1701196218.b6b8ca1-150400.3.15.3fixed 0.1.1701196218.b6b8ca1-150400.3.15.3
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys
- CVE-2023-31582Oct 24, 2023affected < 0.1.1701196218.b6b8ca1-150400.3.15.3fixed 0.1.1701196218.b6b8ca1-150400.3.15.3
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
- CVE-2022-1415Sep 11, 2023affected < 0.1.1673279145.e7616bd-150400.3.6.3fixed 0.1.1673279145.e7616bd-150400.3.6.3
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
- CVE-2023-29409Aug 2, 2023affected < 0.1.1692188980.9aa0455-150400.3.12.13fixed 0.1.1692188980.9aa0455-150400.3.12.13
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
- CVE-2021-41411Jun 16, 2022affected < 0.1.1661440542.6cbe0da-150400.3.3.1fixed 0.1.1661440542.6cbe0da-150400.3.3.1
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
- CVE-2022-0860Mar 11, 2022affected < 0.1.1661440542.6cbe0da-150400.3.3.1fixed 0.1.1661440542.6cbe0da-150400.3.3.1
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.