CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22644 – JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2023-22644
20 Sep 2023 — An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. Una vulnerabilidad de Inserción de Información Sensible en un Archivo de Registro en SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager ... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644 • CWE-532: Insertion of Sensitive Information into Log File CWE-1270: Generation of Incorrect Security Tokens •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43754 – SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do
https://notcve.org/view.php?id=CVE-2022-43754
10 Nov 2022 — An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-1... • https://bugzilla.suse.com/show_bug.cgi?id=1204741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-43753 – SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload
https://notcve.org/view.php?id=CVE-2022-43753
10 Nov 2022 — A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-... • https://bugzilla.suse.com/show_bug.cgi?id=1204716 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31255 – SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction
https://notcve.org/view.php?id=CVE-2022-31255
10 Nov 2022 — An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale... • https://bugzilla.suse.com/show_bug.cgi?id=1204543 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2022-27239 – Gentoo Linux Security Advisory 202311-05
https://notcve.org/view.php?id=CVE-2022-27239
27 Apr 2022 — In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. En cifs-utils versiones hasta 6.14, un desbordamiento del búfer en la región stack de la memoria cuando es analizado el argumento de línea de comandos mount.cifs ip= podría conllevar a que atacantes locales obtuvieran privilegios de root Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environmen... • http://wiki.robotz.com/index.php/Linux_CIFS_Utils_and_Samba • CWE-787: Out-of-bounds Write •