Suse Manager Server vulnerabilities

CVE-2023-22644 [CRITICAL] CWE-1270 CVE-2023-22644: A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and AP A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

CVE-2022-43754 [LOW] CWE-79 CVE-2022-43754: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue a

CVE-2022-43753 [MEDIUM] CWE-22 CVE-2022-43753: A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in sp A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomc

CVE-2022-31255 [MEDIUM] CWE-22 CVE-2022-31255: An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in s An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tom

CVE-2022-21952 [HIGH] CWE-306 CVE-2022-21952: A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Serve A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior

CVE-2022-31248 [MEDIUM] CWE-204 CVE-2022-31248: A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE M A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.

CVE-2022-27239 [HIGH] CWE-787 CVE-2022-27239: In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-li In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2021-4034 [HIGH] CWE-787 CVE-2021-4034: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variabl