Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Client Tools 15 package uyuni-proxy-systemd-services, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (52)
CVE-2024-47533 — CVSS 9.8 (critical): Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication…
CVE-2021-3711 — CVSS 9.8 (critical): In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application…
CVE-2025-46811 — CVSS 9.8 (critical): A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able…
CVE-2021-3918 — CVSS 9.8 (critical): json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2017-7550 — CVSS 9.8 (critical): A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module…
CVE-2021-41244 — CVSS 9.1 (critical): Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature…
CVE-2016-9587 — CVSS 8.1 (high): Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems…
CVE-2018-10874 — CVSS 7.8 (high): In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under…
CVE-2021-43138 — CVSS 7.8 (high): In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js…
CVE-2016-8628 — CVSS 7.6 (high): Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to…
CVE-2022-36062 — CVSS 7.6 (high): Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to…
CVE-2020-7753 — CVSS 7.5 (high): All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVE-2022-41723 — CVSS 7.5 (high): A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service…
CVE-2022-41715 — CVSS 7.5 (high): Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed…
CVE-2021-20228 — CVSS 7.5 (high): A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature…
CVE-2021-36222 — CVSS 7.5 (high): ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2…
CVE-2022-23552 — CVSS 7.3 (high): Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and…
CVE-2022-31097 — CVSS 7.3 (high): Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and…
CVE-2021-3583 — CVSS 7.1 (high): A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the…
CVE-2020-14365 — CVSS 7.1 (high): A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing…
CVE-2023-5764 — CVSS 7.1 (high): A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation…
CVE-2022-31107 — CVSS 7.1 (high): Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible…
CVE-2021-41174 — CVSS 6.9 (medium): Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to…
CVE-2022-39324 — CVSS 6.7 (medium): Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, malicious user can create a…
CVE-2022-35957 — CVSS 6.6 (medium): Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation…
CVE-2022-29170 — CVSS 6.6 (medium): Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows…
CVE-2024-1313 — CVSS 6.5 (medium): It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2016-8614 — CVSS 6.3 (medium): A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary…
CVE-2022-46146 — CVSS 6.2 (medium): Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a…
CVE-2025-46809 — CVSS 5.7 (medium): A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects…
CVE-2021-3620 — CVSS 5.5 (medium): A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is…
CVE-2021-3447 — CVSS 5.5 (medium): A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on…
CVE-2021-20191 — CVSS 5.5 (medium): A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log…
CVE-2021-20180 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2021-20178 — CVSS 5.5 (medium): A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature…
CVE-2024-8775 — CVSS 5.5 (medium): A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of…
CVE-2020-14332 — CVSS 5.5 (medium): A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize…
CVE-2023-6152 — CVSS 5.4 (medium): A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration…
CVE-2025-23392 — CVSS 5.2 (medium): A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of…
CVE-2025-23393 — CVSS 5.2 (medium): A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of…
CVE-2020-14330 — CVSS 5.0 (medium): An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content…
CVE-2020-10744 — CVSS 5.0 (medium): An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from…
CVE-2020-1753 — CVSS 5.0 (medium): A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all…
CVE-2024-0690 — CVSS 5.0 (medium): An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios…
CVE-2016-8647 — CVSS 4.9 (medium): An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in…
CVE-2021-43813 — CVSS 4.3 (medium): Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory…
CVE-2021-43815 — CVSS 4.3 (medium): Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal…
CVE-2024-49503 — CVSS 3.5 (low): A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows…
CVE-2024-49502 — CVSS 3.5 (low): A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy…