cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22037,https://securityvulnerability.io/vulnerability/CVE-2024-22037,Uyuni server attestation service exposed database password,"The uyuni-server-attestation systemd service has a significant security flaw in how its database password is configured: the password is supplied through an environment variable that is not properly secured. The associated file has permissions set to 640, limiting direct access to privileged users, but the environment variable is still visible to non-privileged users through systemd service management, so the credential can be exposed. Organizations running Uyuni Server are urged to review their service configuration to mitigate this exposure.",Suse,Suse Manager Server 5.0,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:46:07.525Z,0
CVE-2024-22038,https://securityvulnerability.io/vulnerability/CVE-2024-22038,Attackers can leak information or cause denial of service through specially crafted git repositories in obs-scm-bridge,"The vulnerability in SUSE's OBS SCM Bridge arises from several issues that allow attackers to exploit specially crafted git repositories. Exploitation can lead to unauthorized information disclosure or to denial of service. Organizations using this product should assess their risk and apply the necessary mitigations promptly.",Suse,Opensuse Factory,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:38:03.449Z,0
CVE-2024-49502,https://securityvulnerability.io/vulnerability/CVE-2024-49502,Attackers can attack users by providing specially crafted URLs to click,"An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.2.7.8.1,Suse Manager Server Module 4.3",3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:26:38.995Z,0
CVE-2024-49503,https://securityvulnerability.io/vulnerability/CVE-2024-49503,SUSE Manager XSS Vulnerability Allows JavaScript Execution in Credentials Sub-Page,"An Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE Manager allows attackers to execute JavaScript code in the organization credentials sub-page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.2.7.8.1,Suse Manager Server Module 4.3",3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:20:03.366Z,0
CVE-2024-52283,https://securityvulnerability.io/vulnerability/CVE-2024-52283,SUSE Hackweek stored XSS via missing input sanitization,"Missing sanitization of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users who view a certain project.",Suse,Hackweek,5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:07:45.917Z,0
CVE-2024-49504,https://securityvulnerability.io/vulnerability/CVE-2024-49504,File Access Vulnerability in Grub2 by SUSE,"A security flaw in Grub2 allows attackers who gain access to the grub shell to read files stored on encrypted disks. This compromises the confidentiality of data the disk encryption was meant to protect. Organizations using SUSE products must ensure proper access controls on the boot loader and apply the necessary patches to mitigate potential exposure.",SUSE,Grub2,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2024-49506,https://securityvulnerability.io/vulnerability/CVE-2024-49506,Insecure Temporary File Creation in SUSE Products Affects System Security,"An improper method of creating temporary files in certain SUSE products can be exploited by local users on systems with tailored configurations. This issue exposes the system to denial-of-service conditions and could potentially allow unauthorized manipulation of the encryption key for the filesystem, posing a significant risk to data integrity and availability.",SUSE,SUSE Linux Enterprise,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T15:15:00.000Z,0
CVE-2022-45157,https://securityvulnerability.io/vulnerability/CVE-2022-45157,Rancher vSphere Vulnerability: Plaintext Storage of CPI/CSI Credentials,"A vulnerability has been identified in Rancher's handling of vSphere's Cloud Provider Interface (CPI) and Container Storage Interface (CSI) credentials. The CPI and CSI passwords are stored as plaintext within Rancher, so any cluster deployed in a vSphere environment is susceptible to credential exposure. This vulnerability highlights the need for secure credential management to safeguard sensitive information, particularly for users running Rancher with vSphere.",Suse,Rancher,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-13T13:39:10.338Z,0
CVE-2023-32189,https://securityvulnerability.io/vulnerability/CVE-2023-32189,Insecure Handling of SSH Keys Leads to Potential Key Access,"The vulnerability arises from the insecure handling of SSH keys used for bootstrapping clients in SUSE Manager. This weakness permits local attackers to potentially access sensitive SSH keys, which could lead to unauthorized control of affected systems. It emphasizes the need for proper key management and access controls to safeguard SSH operations within these environments.",Suse,Suse Manager Server Module 4.3,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:48:39.236Z,0
CVE-2024-22034,https://securityvulnerability.io/vulnerability/CVE-2024-22034,Attackers can inject malicious files into osc package sources,"A vulnerability exists in osc, the command-line client for the Open Build Service, where attackers can place special files within the .osc directory into the actual package sources. By exploiting this flaw, an attacker can modify critical configuration settings, potentially impacting system operations and security for the victim user. This vulnerability highlights the importance of securing build tools against unauthorized manipulation of their working directories.",Suse,"Suse Linux Enterprise Desktop 15 Sp5,Suse Linux Enterprise High Performance Computing 15 Sp5,Suse Linux Enterprise Module For Development Tools 15 Sp5,Suse Linux Enterprise Server 15 Sp5,Suse Linux Enterprise Server For SAP Applications 15 Sp5,Suse Linux Enterprise Desktop 15 Sp6,Suse Linux Enterprise High Performance Computing 15 Sp6,Suse Linux Enterprise Module For Development Tools 15 Sp6,Suse Linux Enterprise Server 15 Sp6,Suse Linux Enterprise Server For SAP Applications 15 Sp6,Suse Linux Enterprise Server 12 Sp5,Suse Linux Enterprise Server For SAP Applications 12 Sp5,Suse Linux Enterprise Software Development Kit 12 Sp5,Opensuse Leap 15.5,Opensuse Leap 15.6,Opensuse Tumbleweed",5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:46:08.416Z,0
CVE-2024-22033,https://securityvulnerability.io/vulnerability/CVE-2024-22033,OBS Service Vulnerable to Command Injection Attack,"The OBS service obs-service-download_url was vulnerable to command injection. An attacker could supply a configuration to the service that allowed commands to be executed in later build steps.",Suse,"Suse Package Hub 15 Sp5,Suse Package Hub 15 Sp6,Opensuse Leap 15.5,Opensuse Leap 15.6,Opensuse Tumbleweed",6.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:42:46.559Z,0
CVE-2024-22032,https://securityvulnerability.io/vulnerability/CVE-2024-22032,Kubernetes RKE1 Cluster Vulnerability: Plaintext Secret Values Exposed During Reconciliation,"A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster) all have RBAC permissions to view the cluster object from the apiserver, and can therefore read those values.",Suse,Rancher,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:26:01.883Z,0
CVE-2024-22030,https://securityvulnerability.io/vulnerability/CVE-2024-22030,Rancher Vulnerability: Narrow MITM Exploit via Domain Control,"A vulnerability within Rancher has been identified which could be exploited under specific conditions via a man-in-the-middle (MITM) attack. For this to take place, an attacker must either have control over an expired domain or carry out a DNS spoofing or hijacking attack against the Rancher URL. Organizations using Rancher should therefore guard against domain takeover, monitor domain registration status, and verify DNS integrity for the Rancher URL.",Suse,Rancher,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:24:06.944Z,0
CVE-2024-22029,https://securityvulnerability.io/vulnerability/CVE-2024-22029,Local User Escalation via Insecure Packaging,"The vulnerability arises from insecure permissions in the packaging of Tomcat, a web server and servlet container. This flaw allows local users to exploit a race condition during package installation, potentially leading to privilege escalation to root. Organizations employing Tomcat should review the installed permissions and apply the necessary patches or mitigations to prevent unauthorized privilege escalation.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.0-beta1.2.122,Suse Enterprise Storage 7.1,Suse Linux Enterprise High Performance Computing 15 Sp2-ltss,Suse Linux Enterprise High Performance Computing 15 Sp3-ltss,Suse Linux Enterprise High Performance Computing 15 Sp4-espos,Suse Linux Enterprise High Performance Computing 15 Sp4-ltss,Suse Linux Enterprise High Performance Computing 15 Sp5,Suse Linux Enterprise Module For Web And Scripting 15 Sp5,Suse Linux Enterprise Server 15 Sp5,Suse Linux Enterprise Server For SAP Applications 15 Sp5,Suse Linux Enterprise High Performance Computing 15 Sp6,Suse Linux Enterprise Module For Web And Scripting 15 Sp6,Suse Linux Enterprise Server 15 Sp6,Suse Linux Enterprise Server For SAP Applications 15 Sp6,Suse Linux Enterprise Server 15 Sp2-ltss,Suse Linux Enterprise Server 15 Sp3-ltss,Suse Linux Enterprise Server 15 Sp4-ltss,Suse Linux Enterprise Server For SAP Applications 15 Sp2,Suse Linux Enterprise Server For SAP Applications 15 Sp3,Suse Linux Enterprise Server For SAP Applications 15 Sp4,Suse Manager Server 4.3,Opensuse Leap 15.5,Opensuse Tumbleweed",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:20:47.698Z,0
CVE-2023-32196,https://securityvulnerability.io/vulnerability/CVE-2023-32196,Privilege Escalation Vulnerability in RoleTemplate Objects,"A significant vulnerability has been identified in Rancher where the privilege escalation checks for RoleTemplate objects are not adequately enforced when the external attribute is set to true. This flaw can allow unauthorized users to escalate their privileges in certain scenarios, exposing sensitive resources and compromising the integrity of the environment. Users and administrators of Rancher should review their RoleTemplate configurations and apply the recommended mitigations.",Suse,Rancher,6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:01:47.230Z,0
CVE-2023-32194,https://securityvulnerability.io/vulnerability/CVE-2023-32194,Namespace Privilege Abuse Vulnerability in Rancher,"A significant vulnerability exists in Rancher that allows users with create or global role permissions for the resource type 'namespaces' to gain excessive privileges. This flaw enables unauthorized access to core namespaces, giving these users the ability to create, update, and delete namespaces within the project. The implications are critical, as it compromises the integrity and security of the Kubernetes environment and allows for potential data breaches and resource manipulation.",Suse,Rancher,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T12:56:37.617Z,0
CVE-2023-32193,https://securityvulnerability.io/vulnerability/CVE-2023-32193,Unauthenticated XSS vulnerability in Norman's public API endpoint can lead to remote code execution,"A cross-site scripting vulnerability exists in the public API endpoint of Norman, which allows unauthenticated users to inject malicious JavaScript code. When exploited, this vulnerability enables attackers to execute remote commands, potentially compromising user data and system integrity. This presents significant security risks for organizations using the affected product, as an attacker could manipulate the behavior of web applications and access sensitive information without authorization.",Suse,Norman,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T12:27:13.591Z,0
CVE-2023-32192,https://securityvulnerability.io/vulnerability/CVE-2023-32192,Unauthenticated Cross-Site Scripting (XSS) Vulnerability,"A security flaw has been discovered in the Rancher API Server, specifically within the public API endpoint. This vulnerability enables attackers to exploit unauthenticated cross-site scripting (XSS) weaknesses, allowing them to execute arbitrary JavaScript code in the browsers of unsuspecting users. Such an attack vector can lead to data theft, session hijacking, and the delivery of malicious payloads. Mitigating this vulnerability is crucial to safeguard users and maintain the integrity of the API services.",Suse,Apiserver,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T12:23:17.271Z,0
CVE-2023-32191,https://securityvulnerability.io/vulnerability/CVE-2023-32191,Non-admin users can escalate to admin rights via configmap,"A security vulnerability exists within Rancher's RKE where sensitive cluster state information is stored in a configmap named `full-cluster-state` within the `kube-system` namespace. This misconfiguration enables non-admin users to gain elevated privileges by exploiting the accessible data. As a result, unauthorized users could potentially alter critical configurations or gain administrative control over the Kubernetes cluster. Securing access to the cluster's configmap is essential to ensure that only authorized personnel can interact with these sensitive settings and to safeguard the overall integrity of the RKE deployment.",Suse,Rke,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T12:17:02.324Z,0
CVE-2023-32190,https://securityvulnerability.io/vulnerability/CVE-2023-32190,mlocate post-install script lets the RUN_UPDATEDB_AS user make arbitrary files world-readable,"mlocate's post-installation script contains vulnerabilities that enable the user configured via RUN_UPDATEDB_AS to alter file permissions in a manner that makes arbitrary files world-readable. This occurs due to inadequate checks and insecure file operations executed with root-level privileges, allowing unauthorized access to sensitive data. The flaw underscores the importance of validating file operations performed as root on behalf of a less privileged user.",Suse,Opensuse Tumbleweed,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T12:03:05.078Z,0
CVE-2023-32188,https://securityvulnerability.io/vulnerability/CVE-2023-32188,NeuVector Token Reverse Engineering Leads to Remote Code Execution,"A vulnerability in NeuVector's authentication process allows an attacker to reverse engineer the JSON Web Token (JWT) used for Manager and API access. By forging a valid NeuVector Token, the attacker can gain unauthorized access to the system, enabling malicious activities including remote code execution. Organizations using NeuVector products should apply the necessary security patches to mitigate the risk.",Suse,Neuvector,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T08:25:59.699Z,0
CVE-2023-22650,https://securityvulnerability.io/vulnerability/CVE-2023-22650,Rancher Vulnerability: Unauthorized Access via Deleted Users,"A user management vulnerability has been discovered in Rancher, where the platform fails to automatically revoke access for users who have been deleted or disabled in the configured authentication provider. This oversight means that tokens associated with these users remain active, potentially allowing unauthorized access to resources. As a result, organizations using Rancher are at risk of lingering access through obsolete user credentials, which may not be addressed by the usual user management processes.",Suse,Rancher,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T08:20:42.467Z,0
CVE-2023-22649,https://securityvulnerability.io/vulnerability/CVE-2023-22649,Sensitive Data at Risk of Leakage in Rancher Audit Logs,"A vulnerability exists in Rancher's audit logging feature that can lead to exposure of sensitive data. This issue arises specifically in deployments where the Audit Logging feature is enabled and the AUDIT_LEVEL is configured to 1 or higher. In such deployments, sensitive information may be unintentionally recorded in the audit logs, posing a risk to data privacy and security. Organizations using this feature should evaluate their configuration and take the necessary precautions to safeguard sensitive information.",Suse,Rancher,6.5,MEDIUM,0.018309999257326126,false,,false,false,false,,,false,false,,2024-10-16T07:46:50.610Z,0
CVE-2023-22644,https://securityvulnerability.io/vulnerability/CVE-2023-22644,JWT token compromise can allow malicious actions including Remote Code Execution (RCE),"A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.",Suse,Neuvector,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-20T09:15:00.000Z,0
CVE-2023-32182,https://securityvulnerability.io/vulnerability/CVE-2023-32182,Improper Link Resolution Vulnerability in SUSE Linux Products,"A vulnerability exists in SUSE Linux products that allows an attacker to exploit improper link following, potentially gaining unauthorized access to files or causing unintended actions. This issue affects multiple SUSE and openSUSE versions prior to the specified patches, with implications for both security and data integrity.",Suse,"Suse Linux Enterprise Desktop 15 Sp5,Suse Linux Enterprise High Performance Computing 15 Sp5,Opensuse Leap 15.5",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-09-19T16:15:00.000Z,0
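The CVE-2024-22037 entry above describes a credential leaking through systemd even though the backing file is mode 640. The following audit routine is an added example and not code from Uyuni or SUSE: it parses unit-file text and flags inline `Environment=` assignments with secret-looking names (those values are printed by `systemctl show <unit>` to any local user) and `EnvironmentFile=` paths whose mode allows "other" access. The unit text, the path names and the `file_modes` mapping (a stand-in for `os.stat` so the check runs offline) are constructed for the example; the page does not state which directive the real Uyuni unit used, so the check covers both.

```python
"""Flag database passwords that systemd will hand to unprivileged users.

Added example, not Uyuni/SUSE code. `systemctl show <unit>` prints a unit's
Environment= values without requiring root, so a password placed inline is
readable by any local account even when the unit file itself is root-only.
Values loaded via EnvironmentFile= are not printed by `systemctl show`, but
the file's own mode must still deny access to "other"; LoadCredential= is the
systemd mechanism for handing a secret file only to the service itself.
"""
import re
import shlex
import stat

SENSITIVE_NAME = re.compile(r"PASS|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)


def parse_unit(text):
    """Return (section, key, value) triples from unit-file text, skipping comments."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" in line:
            key, _, value = line.partition("=")
            entries.append((section, key.strip(), value.strip()))
    return entries


def audit_unit(text, file_modes=None):
    """Return a list of findings; file_modes maps EnvironmentFile paths to st_mode."""
    file_modes = file_modes or {}
    findings = []
    for section, key, value in parse_unit(text):
        if section != "Service":
            continue
        if key == "Environment":
            # One Environment= line may carry several quoted VAR=value assignments.
            for assignment in shlex.split(value):
                name = assignment.partition("=")[0]
                if SENSITIVE_NAME.search(name):
                    findings.append({"directive": "Environment", "name": name,
                                     "issue": "inline value is shown by `systemctl show`"})
        elif key == "EnvironmentFile":
            path = value.lstrip("-")  # a leading '-' marks the file as optional
            mode = file_modes.get(path)
            if mode is not None and mode & (stat.S_IROTH | stat.S_IWOTH):
                findings.append({"directive": "EnvironmentFile", "name": path,
                                 "issue": "mode %o grants access to other" % stat.S_IMODE(mode)})
    return findings


# Constructed sample units (hypothetical paths and values, not the real Uyuni unit).
WEAK_UNIT = """
[Unit]
Description=Attestation service (constructed sample)

[Service]
Environment="DB_HOST=localhost" "DB_PASSWORD=hunter2"
EnvironmentFile=-/etc/example/attestation.env
ExecStart=/usr/bin/example-attestation
"""

FIXED_UNIT = """
[Service]
Environment="DB_HOST=localhost"
EnvironmentFile=-/etc/example/attestation.env
LoadCredential=db_password:/etc/example/db_password
ExecStart=/usr/bin/example-attestation
"""

# Stand-in for os.stat().st_mode: the env file is a regular file with mode 640.
SAMPLE_MODES = {"/etc/example/attestation.env": stat.S_IFREG | 0o640}

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("fixed", FIXED_UNIT)):
        print(name, audit_unit(unit, SAMPLE_MODES))
```

The weak unit yields one finding (DB_PASSWORD is inline); the same file with `EnvironmentFile` at mode 644 yields a second. The fixed unit passes the check because the secret is delivered with `LoadCredential=`, which exposes it to the service under `$CREDENTIALS_DIRECTORY` rather than through unit properties.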
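The CVE-2023-22649 entry above concerns audit logs that capture sensitive request data once AUDIT_LEVEL is 1 or higher. The following redaction filter is an added example and not Rancher's code: it takes JSON-lines audit entries, parses a request body that is embedded as a JSON string, and replaces values under secret-bearing header names and keys before the entry is persisted. The entry layout (`requestHeader`, `requestBody`, and so on), the header list and the sample line are constructed approximations of an API-server audit record, not Rancher's real schema.

```python
"""Redact secret-bearing fields from JSON-lines audit entries.

Added example, not Rancher code. The record layout and the header names are a
constructed approximation of an API-server audit log; adapt both to the real
schema before use.
"""
import json
import re

# Header names whose values are credentials (constructed list; lower-cased for comparison).
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}
# Body/object keys that usually carry a secret.
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|privatekey|credential", re.I)
REDACTED = "[redacted]"


def is_sensitive_key(key):
    return key.lower() in SENSITIVE_HEADERS or bool(SENSITIVE_KEY.search(key))


def redact(obj):
    """Return a copy of obj with every value under a sensitive key replaced."""
    if isinstance(obj, dict):
        return {k: REDACTED if is_sensitive_key(k) else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def sensitive_paths(obj, prefix=""):
    """List dotted paths of sensitive keys, so a reviewer can see what was touched."""
    paths = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            path = f"{prefix}.{k}" if prefix else k
            if is_sensitive_key(k):
                paths.append(path)
            else:
                paths.extend(sensitive_paths(v, path))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            paths.extend(sensitive_paths(v, f"{prefix}[{i}]"))
    return paths


def redact_entry(line):
    """Parse one audit line and return the redacted entry as a dict."""
    entry = json.loads(line)
    body = entry.get("requestBody")
    # Bodies are often logged as an escaped JSON string; parse so nested keys are covered.
    if isinstance(body, str):
        try:
            entry["requestBody"] = json.loads(body)
        except ValueError:
            pass  # not JSON: a string body has no keys to inspect, leave as-is
    return redact(entry)


def redact_audit_line(line):
    """Redact one JSON line and re-serialise it with stable key order."""
    return json.dumps(redact_entry(line), sort_keys=True)


# Constructed sample audit line (hypothetical values, not captured from a real system).
SAMPLE_LINE = (
    '{"auditID":"c1","requestURI":"/v3/tokens","verb":"POST",'
    '"requestHeader":{"Authorization":"Bearer token-abc","Content-Type":"application/json"},'
    '"requestBody":"{\\"username\\":\\"admin\\",\\"password\\":\\"hunter2\\"}","responseCode":201}'
)

if __name__ == "__main__":
    print(sensitive_paths(json.loads(SAMPLE_LINE)))
    print(redact_audit_line(SAMPLE_LINE))
```

Run the filter between the audit writer and the sink rather than on stored logs: once a plaintext token has been written, rotating it is the only real fix, which is also why the entry above treats a too-permissive AUDIT_LEVEL as a disclosure rather than a logging nuisance.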