Risk | High |
Patch available | YES |
Number of vulnerabilities | 15 |
CVE-ID | CVE-2020-7753 CVE-2021-3807 CVE-2021-3918 CVE-2021-43138 CVE-2022-0155 CVE-2022-27664 CVE-2022-31097 CVE-2022-31107 CVE-2022-32149 CVE-2022-35957 CVE-2022-36062 CVE-2022-41715 CVE-2022-46146 CVE-2023-1387 CVE-2023-1410 |
CWE-ID | CWE-185 CWE-20 CWE-94 CWE-200 CWE-79 CWE-287 CWE-400 CWE-288 CWE-264 CWE-836 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
SUSE Manager Proxy Module Operating systems & Components / Operating system SUSE Manager Client Tools for SLE Micro Operating systems & Components / Operating system SUSE Manager Client Tools for SLE Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP1 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system SUSE CaaS Platform Operating systems & Components / Operating system bind-doc Operating systems & Components / Operating system package or component libisccc1600-debuginfo Operating systems & Components / Operating system package or component libisccfg1600-debuginfo Operating systems & Components / Operating system package or component libirs-devel Operating systems & Components / Operating system package or component bind-chrootenv Operating systems & Components / Operating system package or component bind-debugsource Operating systems & Components / Operating system package or component libirs1601-debuginfo Operating systems & Components / Operating system package or component libdns1605-debuginfo Operating systems & Components / Operating system package or component libns1604-debuginfo Operating systems & Components / Operating system package or component libbind9-1600-debuginfo Operating systems & Components / Operating system package or component libisc1606-debuginfo Operating systems & Components / Operating system package or component bind-devel Operating systems & Components / Operating system package or component bind Operating systems & Components / Operating system package or component bind-utils-debuginfo Operating systems & Components / Operating system package or component bind-debuginfo Operating systems & Components / Operating system package or component libns1604 Operating systems & Components / Operating system package or component libisc1606-64bit Operating systems & Components / Operating system package or component libisccfg1600-64bit Operating systems & Components / Operating system package or component libirs1601-64bit Operating systems & Components / Operating system package or component libbind9-1600-64bit Operating systems & Components / Operating system package or component libdns1605-64bit Operating systems & Components / Operating system package or component libisccc1600-64bit Operating systems & Components / Operating system package or component python3-bind Operating systems & Components / Operating system package or component libisc1606 Operating systems & Components / Operating system package or component libisccc1600 Operating systems & Components / Operating system package or component libbind9-1600 Operating systems & Components / Operating system package or component libisccfg1600 Operating systems & Components / Operating system package or component bind-utils Operating systems & Components / Operating system package or component libdns1605 Operating systems & Components / Operating system package or component libirs1601 Operating systems & Components / Operating system package or component grafana-debuginfo Operating systems & Components / Operating system package or component python3-uyuni-common-libs Operating systems & Components / Operating system package or component grafana Operating systems & Components / Operating system package or component zypp-plugin-spacewalk Operating systems & Components / Operating system package or component mgr-daemon Operating systems & Components / Operating system package or component python3-zypp-plugin-spacewalk Operating systems & Components / Operating system package or component wire-debuginfo Operating systems & Components / Operating system package or component wire Operating systems & Components / Operating system package or component spacecmd Operating systems & Components / Operating system package or component dracut-saltboot Operating systems & Components / Operating system package or component bind-devel-32bit Operating systems & Components / Operating system package or component libisccc1600-32bit-debuginfo Operating systems & Components / Operating system package or component libdns1605-32bit-debuginfo Operating systems & Components / Operating system package or component libns1604-32bit Operating systems & Components / Operating system package or component libirs1601-32bit-debuginfo Operating systems & Components / Operating system package or component libns1604-32bit-debuginfo Operating systems & Components / Operating system package or component libdns1605-32bit Operating systems & Components / Operating system package or component libisccfg1600-32bit Operating systems & Components / Operating system package or component libbind9-1600-32bit Operating systems & Components / Operating system package or component libisccc1600-32bit Operating systems & Components / Operating system package or component libirs1601-32bit Operating systems & Components / Operating system package or component libisc1606-32bit-debuginfo Operating systems & Components / Operating system package or component libbind9-1600-32bit-debuginfo Operating systems & Components / Operating system package or component libisc1606-32bit Operating systems & Components / Operating system package or component libisccfg1600-32bit-debuginfo Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
EUVDB-ID: #VU65355
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7753
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Update the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU57967
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64034
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3918
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62361
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-43138
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges within the application.
The vulnerability exists due to improper input validation when handling data passed via the mapValues()
method. A remote attacker can send a specially crafted request and escalate privileges within the application.
Update the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61669
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0155
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67396
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-27664
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65354
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-31097
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65353
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-31107
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in OAuth implementation routine. A remote attacker can bypass authentication process and login under arbitrary account.
Update the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68897
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-32149
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68557
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-35957
CWE-ID:
CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to the way Grafana handles authorization process when Auth proxy authentication is used. A remote user with admin privileges can authenticate as Server Admin by providing the username (or email) in a X-WEBAUTH-USER
HTTP header.
Update the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU67646
Risk: Medium
CVSSv4.0: 2.4 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-36062
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU68390
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41715
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69691
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-46146
CWE-ID:
CWE-836 - Use of Password Hash Instead of Password for Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to incorrect implementation of basic authentication. A remote attacker with knowledge of the password hash can authenticate against Prometheus without actual knowledge of the password.
Update the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77620
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1387
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to application allows users to login with a JWT token passed in the URL query parameter auth_token. A remote attacker can intercept the query and gain unauthorized access to the application.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU75360
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-1410
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Graphite FunctionDescription tooltip. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate the affected package SUSE Manager Client Tools to the latest version.
Vulnerable software versionsSUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
CPE2.3https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.