Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Client Tools 15 package mgr-daemon, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (45)
CVE-2021-3918 — CVSS 9.8 (critical): json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2017-7550 — CVSS 9.8 (critical): A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module…
CVE-2020-13379 — CVSS 8.2 (high): The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated…
CVE-2016-9587 — CVSS 8.1 (high): Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems…
CVE-2018-10874 — CVSS 7.8 (high): In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under…
CVE-2021-43138 — CVSS 7.8 (high): In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js…
CVE-2022-36062 — CVSS 7.6 (high): Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to…
CVE-2016-8628 — CVSS 7.6 (high): Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2019-15043 — CVSS 7.5 (high): In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service…
CVE-2022-32149 — CVSS 7.5 (high): An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to…
CVE-2022-27664 — CVSS 7.5 (high): In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang…
CVE-2020-7753 — CVSS 7.5 (high): All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVE-2021-20228 — CVSS 7.5 (high): A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature…
CVE-2022-31097 — CVSS 7.3 (high): Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and…
CVE-2023-5764 — CVSS 7.1 (high): A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation…
CVE-2021-3583 — CVSS 7.1 (high): A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the…
CVE-2022-31107 — CVSS 7.1 (high): Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible…
CVE-2020-14365 — CVSS 7.1 (high): A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing…
CVE-2022-35957 — CVSS 6.6 (medium): Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation…
CVE-2024-1313 — CVSS 6.5 (medium): It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2016-8614 — CVSS 6.3 (medium): A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary…
CVE-2023-1410 — CVSS 6.2 (medium): Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite…
CVE-2022-46146 — CVSS 6.2 (medium): Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a…
CVE-2023-3978 — CVSS 6.1 (medium): Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to…
CVE-2019-10215 — CVSS 6.1 (medium): Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could…
CVE-2021-3447 — CVSS 5.5 (medium): A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on…
CVE-2021-20191 — CVSS 5.5 (medium): A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log…
CVE-2021-20180 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2021-20178 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2020-14332 — CVSS 5.5 (medium): A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize…
CVE-2021-3620 — CVSS 5.5 (medium): A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is…
CVE-2023-6152 — CVSS 5.4 (medium): A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration…
CVE-2024-0690 — CVSS 5.0 (medium): An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios…
CVE-2020-10744 — CVSS 5.0 (medium): An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from…
CVE-2020-1753 — CVSS 5.0 (medium): A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all…
CVE-2020-14330 — CVSS 5.0 (medium): An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content…
CVE-2016-8647 — CVSS 4.9 (medium): An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in…
CVE-2021-43815 — CVSS 4.3 (medium): Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal…
CVE-2019-10136 — CVSS 4.3 (medium): It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but…
CVE-2023-1387 — CVSS 4.2 (medium): Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search…