cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49502,https://securityvulnerability.io/vulnerability/CVE-2024-49502,Attackers can attack users by providing specially crafted URLs to click,"A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.2.7.8.1,Suse Manager Server Module 4.3",3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:26:38.995Z,0
CVE-2024-49503,https://securityvulnerability.io/vulnerability/CVE-2024-49503,SUSE Manager XSS Vulnerability Allows JavaScript Execution in Credentials Sub-Page,"A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page.
This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.2.7.8.1,Suse Manager Server Module 4.3",3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-28T09:20:03.366Z,0
CVE-2023-32189,https://securityvulnerability.io/vulnerability/CVE-2023-32189,Insecure Handling of SSH Keys Leads to Potential Key Access,"The vulnerability arises from the insecure handling of SSH keys used for bootstrapping clients in SUSE products. This weakness permits local attackers to potentially access sensitive SSH keys, which could lead to unauthorized control of affected systems. It emphasizes the critical need for proper key management and access controls to safeguard SSH operations within these environments.",Suse,Suse Manager Server Module 4.3,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:48:39.236Z,0
CVE-2024-22029,https://securityvulnerability.io/vulnerability/CVE-2024-22029,Local User Escalation via Insecure Packaging,"The vulnerability arises from insecure permissions associated with the packaging of Tomcat, a web server and servlet container. This flaw allows local users to exploit a race condition during the installation process, potentially leading to privilege escalation to root. Organizations employing Tomcat should take immediate precautions to secure their environments against unauthorized privilege escalations by reviewing the implementation and applying any necessary patches or mitigations.",Suse,"Container Suse/manager/5.0/x86 64/server:5.0.0-beta1.2.122,Suse Enterprise Storage 7.1,Suse Linux Enterprise High Performance Computing 15 Sp2-ltss,Suse Linux Enterprise High Performance Computing 15 Sp3-ltss,Suse Linux Enterprise High Performance Computing 15 Sp4-espos,Suse Linux Enterprise High Performance Computing 15 Sp4-ltss,Suse Linux Enterprise High Performance Computing 15 Sp5,Suse Linux Enterprise Module For Web And Scripting 15 Sp5,Suse Linux Enterprise Server 15 Sp5,Suse Linux Enterprise Server For SAP Applications 15 Sp5,Suse Linux Enterprise High Performance Computing 15 Sp6,Suse Linux Enterprise Module For Web And Scripting 15 Sp6,Suse Linux Enterprise Server 15 Sp6,Suse Linux Enterprise Server For SAP Applications 15 Sp6,Suse Linux Enterprise Server 15 Sp2-ltss,Suse Linux Enterprise Server 15 Sp3-ltss,Suse Linux Enterprise Server 15 Sp4-ltss,Suse Linux Enterprise Server For SAP Applications 15 Sp2,Suse Linux Enterprise Server For SAP Applications 15 Sp3,Suse Linux Enterprise Server For SAP Applications 15 Sp4,Suse Manager Server 4.3,Opensuse Leap 15.5,Opensuse Tumbleweed",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T13:20:47.698Z,0
CVE-2022-31255,https://securityvulnerability.io/vulnerability/CVE-2022-31255,SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction,"An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.",Suse,"Suse Linux Enterprise Module For Suse Manager Server 4.2,Suse Linux Enterprise Module For Suse Manager Server 4.3,Suse Manager Server 4.2",4.3,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2022-11-10T15:15:00.000Z,0
CVE-2022-43754,https://securityvulnerability.io/vulnerability/CVE-2022-43754,SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do,"An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.",Suse,"Suse Linux Enterprise Module For Suse Manager Server 4.2,Suse Linux Enterprise Module For Suse Manager Server 4.3,Suse Manager Server 4.2",2.6,LOW,0.0005699999746866524,false,,false,false,false,,,false,false,,2022-11-10T15:15:00.000Z,0
CVE-2022-43753,https://securityvulnerability.io/vulnerability/CVE-2022-43753,SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload,"A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10.",Suse,"Suse Linux Enterprise Module For Suse Manager Server 4.2,Suse Linux Enterprise Module For Suse Manager Server 4.3,Suse Manager Server 4.2",4.3,MEDIUM,0.0013099999632686377,false,,false,false,false,,,false,false,,2022-11-10T15:15:00.000Z,0