CVE Daily
← All tags

Tag: SUSE Multi-Linux Manager

All CVEs associated with "SUSE Multi-Linux Manager". Page 1/1 • 20 CVEs.

About “SUSE Multi-Linux Manager”

A curated feed of “SUSE Multi-Linux Manager”-related CVEs appears below. We currently track 20 CVEs for this tag (all time). In the last 365 days, 3 were published. Average CVSS is 5.8 (all time; 8.3 over 365d), and 35% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), CWE-256 - Plaintext Storage of a Password, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Config management tools have broad privileges. Patch servers and agents, use least privilege, sign artifacts, and audit playbooks and modules. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: suse-manager

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestExtended SupportEOLLTS
5.15.1.2Unavailable
5.05.0.7Unavailable Soon
4.34.3.17 ExpiredLTS
4.24.2.14Unavailable Expired
4.14.1.15Unavailable Expired
4.04.0.14Unavailable Expired
3.23.2.15Unavailable Expired
3.13.1.11Unavailable Expired
3.03.0.12Unavailable Expired
2.12.1.19Unavailable Expired
1.71.7.6Unavailable Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “SUSE Multi-Linux Manager”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-10-30
Critical

CVE-2025-53883

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue af…

CVSS: 9.3 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
2025-07-31
Medium

CVE-2025-46809

A Plaintext Storage of a Password vulnerability in SUSE exposes the credentials for the HTTP proxy in the log files. This issue affects Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1: from ? be…

CVSS: 5.7 CWE: CWE-256 - Plaintext Storage of a Password View on NVD
2025-07-30
Critical

CVE-2025-46811

A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-05-27
Medium

CVE-2025-23393

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in  spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Con…

CVSS: 5.2 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
2025-05-26
Medium

CVE-2025-23392

A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary Javascript code on target systems.This issue affects Cont…

CVSS: 5.2 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
2024-11-28
Low

CVE-2024-49503

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attac…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-02-07
High

CVE-2022-31254

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSU…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2022-11-10
Low

CVE-2022-43754

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterp…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2022-43753

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Mo…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2022-31255

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise M…

CVSS: 4.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2022-06-22
Medium

CVE-2022-31248

A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Man…

CVSS: 5.3 CWE: CWE-204 - Observable Response Discrepancy View on NVD
High

CVE-2022-21952

A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources l…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2021-06-30
High

CVE-2021-25321

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 al…

CVSS: 7.8 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Critical

CVE-2019-18906

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without havin…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2021-05-05
Low

CVE-2021-25317

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factor…

CVSS: 3.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-09-17
Critical

CVE-2020-8028

A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE M…

CVSS: 9.3 CWE: CWE-284 - Improper Access Control View on NVD
2019-05-13
Medium

CVE-2019-3684

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have…

CVSS: 5.9 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
2013-12-02
Medium

CVE-2012-0414

Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an imag…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2012-08-08
Low

CVE-2012-0421

The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by rea…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox