VYPR

rpm package

suse/spacewalk-certs-tools&distro=SUSE Manager Proxy Module 4.3

pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.3

Vulnerabilities (9)

  • CVE-2024-49503 · Low · Nov 28, 2024
    affected < 4.3.26-150400.3.36.7 · fixed 4.3.26-150400.3.36.7

    An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE Manager allows attackers to execute JavaScript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.

  • CVE-2024-49502 · Low · Nov 28, 2024
    affected < 4.3.26-150400.3.36.7 · fixed 4.3.26-150400.3.36.7

    An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Containe

  • CVE-2024-47533 · Cri · Nov 18, 2024
    affected < 4.3.26-150400.3.36.7 · fixed 4.3.26-150400.3.36.7

    Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyon

  • CVE-2023-32189 · Med · Oct 16, 2024
    affected < 4.3.22-150400.3.25.1 · fixed 4.3.22-150400.3.25.1

    Insecure handling of SSH keys used to bootstrap clients allows local attackers to potentially gain access to the keys.

  • CVE-2023-51775 · Dec 25, 2023
    affected < 4.3.23-150400.3.28.5 · fixed 4.3.23-150400.3.28.5

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

  • CVE-2023-31582 · Oct 24, 2023
    affected < 4.3.22-150400.3.25.1 · fixed 4.3.22-150400.3.25.1

    jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

  • CVE-2023-29409 · Aug 2, 2023
    affected < 4.3.19-150400.3.18.13 · fixed 4.3.19-150400.3.18.13

    Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr

  • CVE-2021-41411 · Jun 16, 2022
    affected < 4.3.15-150400.3.6.2 · fixed 4.3.15-150400.3.6.2

    drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.

  • CVE-2022-0860 · Mar 11, 2022
    affected < 4.3.15-150400.3.6.2 · fixed 4.3.15-150400.3.6.2

    Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.