rpm package
suse/spacewalk-setup&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/spacewalk-setup&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32189 | Med | 5.9 | | < 4.3.19-150400.3.30.5 | 4.3.19-150400.3.30.5 | Oct 16, 2024 | Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys |
| CVE-2023-31582 | — | | | < 4.3.19-150400.3.30.5 | 4.3.19-150400.3.30.5 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. |
| CVE-2023-22644 | — | | | < 4.3.16-150400.3.21.6 | 4.3.16-150400.3.21.6 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. |
| CVE-2023-29409 | — | | | < 4.3.18-150400.3.27.13 | 4.3.18-150400.3.27.13 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr |
| CVE-2022-31248 | — | | | < 4.3.10-150400.3.3.3 | 4.3.10-150400.3.3.3 | Jun 22, 2022 | A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4. |
| CVE-2021-41411 | — | | | < 4.3.12-150400.3.8.1 | 4.3.12-150400.3.8.1 | Jun 16, 2022 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. |
| CVE-2022-0860 | — | | | < 4.3.12-150400.3.8.1 | 4.3.12-150400.3.8.1 | Mar 11, 2022 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. |