rpm package
suse/spacewalk-setup&distro=SUSE Manager Server Module 4.2
pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22644 | — | < 4.2.12-150300.3.18.3 | 4.2.12-150300.3.18.3 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||
| CVE-2023-29409 | — | < 4.2.13-150300.3.21.3 | 4.2.13-150300.3.21.3 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr | ||
| CVE-2022-31248 | — | < 4.2.11-150300.3.15.2 | 4.2.11-150300.3.15.2 | Jun 22, 2022 | A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4. | ||
| CVE-2021-40325 | — | < 4.2.8-3.6.1 | 4.2.8-3.6.1 | Oct 4, 2021 | Cobbler before 3.3.0 allows authorization bypass for modification of settings. | ||
| CVE-2021-40324 | — | < 4.2.8-3.6.1 | 4.2.8-3.6.1 | Oct 4, 2021 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. | ||
| CVE-2021-40323 | — | < 4.2.8-3.6.1 | 4.2.8-3.6.1 | Oct 4, 2021 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | ||
| CVE-2020-25638 | — | < 4.2.10-150300.3.12.1 | 4.2.10-150300.3.12.1 | Dec 2, 2020 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u |
- CVE-2023-22644Sep 20, 2023affected < 4.2.12-150300.3.18.3fixed 4.2.12-150300.3.18.3
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2023-29409Aug 2, 2023affected < 4.2.13-150300.3.21.3fixed 4.2.13-150300.3.21.3
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
- CVE-2022-31248Jun 22, 2022affected < 4.2.11-150300.3.15.2fixed 4.2.11-150300.3.15.2
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.
- CVE-2021-40325Oct 4, 2021affected < 4.2.8-3.6.1fixed 4.2.8-3.6.1
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
- CVE-2021-40324Oct 4, 2021affected < 4.2.8-3.6.1fixed 4.2.8-3.6.1
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
- CVE-2021-40323Oct 4, 2021affected < 4.2.8-3.6.1fixed 4.2.8-3.6.1
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
- CVE-2020-25638Dec 2, 2020affected < 4.2.10-150300.3.12.1fixed 4.2.10-150300.3.12.1
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u