rpm package
suse/susemanager-build-keys&distro=SUSE Manager Proxy Module 4.3
pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Proxy%20Module%204.3
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-46809 | Med | 5.7 | < 15.4.11-150400.3.35.2 | 15.4.11-150400.3.35.2 | Jul 31, 2025 | A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7. | |
| CVE-2025-46811 | Cri | 9.8 | < 15.4.11-150400.3.35.2 | 15.4.11-150400.3.35.2 | Jul 30, 2025 | A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-15060 | |
| CVE-2025-23393 | Med | 5.2 | < 15.4.11-150400.3.35.2 | 15.4.11-150400.3.35.2 | May 27, 2025 | A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3 | |
| CVE-2025-23392 | Med | 5.2 | < 15.4.11-150400.3.35.2 | 15.4.11-150400.3.35.2 | May 26, 2025 | A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3. | |
| CVE-2024-49503 | Low | 3.5 | < 15.4.10-150400.3.29.4 | 15.4.10-150400.3.29.4 | Nov 28, 2024 | A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8. | |
| CVE-2024-49502 | Low | 3.5 | < 15.4.10-150400.3.29.4 | 15.4.10-150400.3.29.4 | Nov 28, 2024 | A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Containe | |
| CVE-2024-47533 | Cri | 9.8 | < 15.4.10-150400.3.29.4 | 15.4.10-150400.3.29.4 | Nov 18, 2024 | Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyon | |
| CVE-2023-32189 | Med | 5.9 | < 15.4.10-150400.3.23.5 | 15.4.10-150400.3.23.5 | Oct 16, 2024 | Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | |
| CVE-2023-31582 | — | < 15.4.10-150400.3.23.5 | 15.4.10-150400.3.23.5 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | ||
| CVE-2023-22644 | — | < 15.4.9-150400.3.20.2 | 15.4.9-150400.3.20.2 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||
| CVE-2021-41411 | — | < 15.4.3-150400.3.6.1 | 15.4.3-150400.3.6.1 | Jun 16, 2022 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | ||
| CVE-2022-0860 | — | < 15.4.3-150400.3.6.1 | 15.4.3-150400.3.6.1 | Mar 11, 2022 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. |
- affected < 15.4.11-150400.3.35.2fixed 15.4.11-150400.3.35.2
A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? before 4.3.33-150400.3.55.2; Container suse/manager/5.0/x86_64/proxy-httpd:5.0.5.7.
- affected < 15.4.11-150400.3.35.2fixed 15.4.11-150400.3.35.2
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-15060
- affected < 15.4.11-150400.3.35.2fixed 15.4.11-150400.3.35.2
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3
- affected < 15.4.11-150400.3.35.2fixed 15.4.11-150400.3.35.2
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.
- affected < 15.4.10-150400.3.29.4fixed 15.4.10-150400.3.29.4
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.
- affected < 15.4.10-150400.3.29.4fixed 15.4.10-150400.3.29.4
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Containe
- affected < 15.4.10-150400.3.29.4fixed 15.4.10-150400.3.29.4
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyon
- affected < 15.4.10-150400.3.23.5fixed 15.4.10-150400.3.23.5
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys
- CVE-2023-31582Oct 24, 2023affected < 15.4.10-150400.3.23.5fixed 15.4.10-150400.3.23.5
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
- CVE-2023-22644Sep 20, 2023affected < 15.4.9-150400.3.20.2fixed 15.4.9-150400.3.20.2
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2021-41411Jun 16, 2022affected < 15.4.3-150400.3.6.1fixed 15.4.3-150400.3.6.1
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
- CVE-2022-0860Mar 11, 2022affected < 15.4.3-150400.3.6.1fixed 15.4.3-150400.3.6.1
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.