Skip to main content

Manager

22 CVEs product

Monthly

CVE-2019-16967 MEDIUM POC PATCH This Month

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Manager Freepbx
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-3684 MEDIUM POC This Month

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2015-5300 HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo Leap Opensuse +16
NVD
CVSS 3.0
7.5
EPSS
36.8%
CVE-2015-5219 HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +13
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2015-5194 HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +9
NVD GitHub
CVSS 3.0
7.5
EPSS
8.4%
CVE-2017-7995 LOW Monitor

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Manager Manager Proxy Openstack Cloud +2
NVD
CVSS 3.0
3.8
EPSS
0.1%
CVE-2016-4950 HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4949 HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4948 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Manager
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2015-7976 MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo Manager Manager Proxy +6
NVD VulDB
CVSS 3.0
4.3
EPSS
3.2%
CVE-2016-4954 HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-4953 HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
13.6%
CVE-2016-0264 MEDIUM This Month

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.9% and no vendor patch available.

IBM RCE Buffer Overflow Java Linux Enterprise Server +12
NVD
CVSS 3.1
5.6
EPSS
12.9%
CVE-2016-1286 HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
8.6
EPSS
53.6%
CVE-2016-1285 MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
6.8
EPSS
69.0%
CVE-2014-8162 HIGH This Week

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Network Satellite Manager
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-7812 LOW Monitor

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-7811 LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Network Satellite Spacewalk Manager
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-3654 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3595 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4415 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XSS Satellite Satellite 5 Managed Db Spacewalk Java +2
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4480 HIGH PATCH This Week

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Red Hat Information Disclosure Network Satellite Satellite Satellite With Embedded Oracle +2
NVD
CVSS 2.0
7.5
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Manager +1
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC This Month

SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Manager
NVD
EPSS 37% CVSS 7.5
HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo +18
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +15
NVD GitHub
EPSS 8% CVSS 7.5
HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +11
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Manager +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Manager
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo +8
NVD VulDB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp +11
NVD
EPSS 14% CVSS 7.5
HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp +11
NVD
EPSS 13% CVSS 5.6
MEDIUM This Month

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.9% and no vendor patch available.

IBM RCE Buffer Overflow +14
NVD
EPSS 54% CVSS 8.6
HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 69% CVSS 6.8
MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 1% CVSS 7.5
HIGH This Week

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat XXE Network Satellite +1
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Satellite +2
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Network Satellite +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Red Hat XSS Satellite +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Red Hat Information Disclosure Network Satellite +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy