Paolo Perego

**Name of the Vulnerable Software and Affected Versions** tftpsync (affected versions not specified) **Description** A path traversal flaw exists in the `tftpsync/add` and `tftpsync/delete` scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the privileges of the `wwwrun` user. Access to the affected scripts is restricted to a list of allowed IP addresses, and the scripts are unauthenticated. The vulnerability involves manipulating file paths to access resources outside the intended directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE Manager Server Module versions prior to 4.3.42-150400.3.52.1 Container suse/manager/5.0/x86 64/server versions prior to 5.0.15-150600.3.10.2 **Description** A Cross-site Scripting (XSS) issue allows attackers to execute JavaScript code in the organization credentials sub-page. This can be exploited by attackers to run malicious scripts remotely. **Recommendations** For Container suse/manager/5.0/x86 64/server versions prior to 5.0.15-150600.3.10.2, update to version 5.0.15-150600.3.10.2 or later. For SUSE Manager Server Module versions prior to 4.3.42-150400.3.52.1, update to version 4.3.42-150400.3.52.1 or later.

**Name of the Vulnerable Software and Affected Versions** spacewalk-web versions prior to 5.0.15-150600.3.10.2 SUSE Manager Server Module 4.3 versions prior to 4.3.42-150400.3.52.1 Container suse/manager/5.0/x86 64/server versions prior to 5.0.15-150600.3.10.2 **Description** A Cross-site Scripting (XSS) vulnerability is present in the Setup Wizard's HTTP Proxy credentials page in spacewalk-web. This issue allows attackers to attack users by providing specially crafted URLs to click. **Recommendations** For spacewalk-web versions prior to 5.0.15-150600.3.10.2, update to version 5.0.15-150600.3.10.2 or later. For SUSE Manager Server Module 4.3 versions prior to 4.3.42-150400.3.52.1, update to version 4.3.42-150400.3.52.1 or later. For Container suse/manager/5.0/x86 64/server versions prior to 5.0.15-150600.3.10.2, update to version 5.0.15-150600.3.10.2 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Manager Server Module 4.2 versions prior to 4.2.50-150300.3.66.5 SUSE Manager Server Module 4.3 versions prior to 4.3.58-150400.3.46.4 NeuVector (affected versions not specified) **Description** A user can reverse engineer the JSON Web Token (JWT) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector, potentially leading to Remote Code Execution (RCE). Additionally, an Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module causes sensitive information to be logged. **Recommendations** For SUSE Manager Server Module 4.2 versions prior to 4.2.50-150300.3.66.5, update to version 4.2.50-150300.3.66.5 or later. For SUSE Manager Server Module 4.3 versions prior to 4.3.58-150400.3.46.4, update to version 4.3.58-150400.3.46.4 or later. For NeuVector, as a temporary workaround, consider restricting access to the authentication mechanism using JWT tokens until a patch is available. Avoid using the `JWT token` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability in NeuVector.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39 SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10 **Description** An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') issue allows remote attackers to read files available to the user running the process, typically tomcat. **Recommendations** For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later. For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later. For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39 SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10 **Description** An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') issue allows remote attackers to embed Javascript code via "/rhn/audit/scap/Search.do". **Recommendations** For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later. For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later. For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later. As a temporary workaround, consider restricting access to the "/rhn/audit/scap/Search.do" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Module for SUSE Manager Server 4.2 versions prior to 4.2.28 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39 SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10 **Description** A Path Traversal vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server allows remote attackers to read files available to the user running the process, typically tomcat. **Recommendations** For SUSE Linux Enterprise Module for SUSE Manager Server 4.2, update to version 4.2.28 or later. For SUSE Linux Enterprise Module for SUSE Manager Server 4.3, update spacewalk-java to version 4.3.39 or later. For SUSE Manager Server 4.2, update release-notes-susemanager to version 4.2.10 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1 SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1 **Description** A Observable Response Discrepancy issue in spacewalk-java of SUSE Manager Server allows remote attackers to discover valid usernames. **Recommendations** For SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1, update to version 4.1.46-1 or later. For SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1, update to version 4.2.37-1 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46 SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37 **Description** A Missing Authentication for Critical Function issue in spacewalk-java of SUSE Manager Server allows remote attackers to easily exhaust available disk resources, leading to a Denial of Service (DoS). This issue affects SUSE Manager Server 4.1 and 4.2. **Recommendations** For SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46, update to version 4.1.46 or later. For SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37, update to version 4.2.37 or later.

**Name of the Vulnerable Software and Affected Versions** Cobbler versions prior to 3.3.2 **Description** An issue was discovered where routines in several files use the HTTP protocol instead of the more secure HTTPS. **Recommendations** For Cobbler versions prior to 3.3.2, consider updating to a version that uses HTTPS instead of HTTP to enhance security. As a temporary workaround, consider restricting access to the affected routines until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cobbler versions prior to 3.3.1 **Description** An issue was discovered where files in /etc/cobbler are world readable, exposing sensitive information to local users with non-privileged access. The users.digest file contains the sha2-512 digest of users, which can be used to obtain plaintext strings for easy-to-guess passwords. The settings.yaml file contains secrets such as the hashed default password. **Recommendations** For versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/cobbler directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cobbler versions prior to 3.3.1 **Description** An issue was discovered in the templar.py file, where the `check for invalid imports` function can allow Cheetah code to import Python modules via the "#from MODULE import" substring, as only lines beginning with #import are blocked. **Recommendations** For Cobbler versions prior to 3.3.1, update to version 3.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `check for invalid imports` function in the templar.py file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Spacewalk version 2.10 Uyuni version 2021.08 Uyuni spacewalk-admin versions prior to 4.3.2-1 **Description** The issue allows code injection due to the lack of sanitization of the configuration filename used by the rhn-config-satellite.pl script to append Spacewalk-specific key-value pairs. This script is intended to be run by the tomcat user account with Sudo, according to the installation setup. An attacker can use the --option to append arbitrary code to a root-owned file that will eventually be executed by the system. **Recommendations** For Spacewalk version 2.10, update to a version that includes the fix for this issue. For Uyuni version 2021.08, update Uyuni spacewalk-admin to version 4.3.2-1 or later. For Uyuni spacewalk-admin versions prior to 4.3.2-1, update to version 4.3.2-1 or later. As a temporary workaround, consider restricting the execution of the rhn-config-satellite.pl script to prevent potential code injection attacks.

**Name of the Vulnerable Software and Affected Versions** DVD X Player Standard version 5.5.3.9 **Description** The issue is related to a Buffer Overflow that can be triggered via a crafted .plf file. **Recommendations** For DVD X Player Standard version 5.5.3.9, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Geo Mashup plugin versions prior to 1.8.3 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the geo search widget of the Geo Mashup plugin for WordPress. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `search key`. **Recommendations** For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the geo search widget until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Pebble versions 2.0.0 RC1 through 2.0.0 RC2 **Description** A cross-site scripting (XSS) issue exists in the search functionality, allowing remote attackers to inject arbitrary web script or HTML via the query string. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For versions 2.0.0 RC1 and 2.0.0 RC2, consider disabling the search functionality until a patch is available to prevent exploitation of the XSS vulnerability.