Manager Proxy Suse Manager Proxy

Do you want an email whenever new security vulnerabilities are reported in Suse Manager Proxy?

By the Year

In 2022 there have been 2 vulnerabilities in Suse Manager Proxy with an average score of 7.8 out of ten. Manager Proxy did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

Year Vulnerabilities Average Score
2022 2 7.80
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Manager Proxy vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Suse Manager Proxy Security Vulnerabilities

In cifs-utils through 6.14

CVE-2022-27239 7.8 - High - April 27, 2022

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

Memory Corruption

A local privilege escalation vulnerability was found on polkit's pkexec utility

CVE-2021-4034 7.8 - High - January 28, 2022

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Memory Corruption

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which

CVE-2015-5219 7.5 - High - July 21, 2017

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

Incorrect Type Conversion or Cast

ntpd in NTP 4.x before 4.2.8p8

CVE-2016-4953 7.5 - High - July 05, 2016

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.

authentification

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8

CVE-2016-4954 7.5 - High - July 05, 2016

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication.

Race Condition

ntpd in NTP 4.x before 4.2.8p8

CVE-2016-4956 5.3 - Medium - July 05, 2016

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548.

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled

CVE-2016-4955 5.9 - Medium - July 05, 2016

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.

Race Condition

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0)

CVE-2016-0264 5.6 - Medium - May 24, 2016

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.

Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Suse Openstack Cloud or by Suse? Click the Watch button to subscribe.

Suse
Vendor

subscribe