| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords | SUSE | rancher | Critical | 9.1 | 2025-04-11 10:38:44 | Deep Dive |
| CVE-2025-23386 | gerbera: Privilege escalation from user gerbera to root because of insecure %post script | SUSE | openSUSE Tumbleweed | High | 7.8 | 2025-04-10 09:42:18 | Deep Dive |
| CVE-2024-22037 | Database password leaked by systemd uyuni-server-attestation service | SUSE | SUSE Manager Server 5.0 | Medium | 5.5 | 2024-11-28 09:46:08 | Deep Dive |
| CVE-2024-22038 | DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge | SUSE | openSUSE Factory | High | 7.3 | 2024-11-28 09:38:03 | Deep Dive |
| CVE-2024-49502 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web | SUSE | Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 | Low | 3.5 | 2024-11-28 09:26:39 | Deep Dive |
| CVE-2024-49503 | Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web | SUSE | Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 | Low | 3.5 | 2024-11-28 09:20:03 | Deep Dive |
| CVE-2024-52283 | SUSE hackweek cross-site scripting vulnerability | SUSE | hackweek | Medium | 5.7 | 2024-11-28 09:07:46 | Deep Dive |
| CVE-2024-49504 | grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images | SUSE | openSUSE Tumbleweed | - | - | 2024-11-13 14:44:24 | Deep Dive |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher | SUSE | rancher | Critical | 9.1 | 2024-11-13 13:39:10 | Deep Dive |
| CVE-2023-32189 | Insecure handling SSH key in SUSE Manager when bootstrapping new clients | SUSE | SUSE Manager Server Module 4.3 | Medium | 5.9 | 2024-10-16 13:48:39 | Deep Dive |
| CVE-2024-22034 | Crafted projects can overwrite special files in the .osc config directory | SUSE | SUSE Linux Enterprise Desktop 15 SP5 | Medium | 5.5 | 2024-10-16 13:46:08 | Deep Dive |
| CVE-2024-22033 | obs-service-download_url is vulnerable to argument injection | SUSE | SUSE Package Hub 15 SP5 | Medium | 6.3 | 2024-10-16 13:42:47 | Deep Dive |
| CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec | SUSE | rancher | Medium | 6.5 | 2024-10-16 13:26:02 | Deep Dive |
| CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL | SUSE | rancher | High | 8.0 | 2024-10-16 13:24:07 | Deep Dive |
| CVE-2024-22029 | tomcat packaging allows for escalation to root from tomcat user | SUSE | Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 | High | 7.8 | 2024-10-16 13:20:48 | Deep Dive |
| CVE-2023-32196 | Rancher's External RoleTemplates can lead to privilege escalation | SUSE | rancher | Medium | 6.6 | 2024-10-16 13:01:47 | Deep Dive |
| CVE-2023-32194 | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' | SUSE | rancher | High | 7.2 | 2024-10-16 12:56:38 | Deep Dive |
| CVE-2023-32193 | Norman API Cross-site Scripting Vulnerability | SUSE | norman | High | 8.3 | 2024-10-16 12:27:14 | Deep Dive |
| CVE-2023-32192 | Rancher API Server Cross-site Scripting Vulnerability | SUSE | apiserver | High | 8.3 | 2024-10-16 12:23:17 | Deep Dive |
| CVE-2023-32191 | rke's credentials are stored in the RKE1 Cluster state ConfigMap | SUSE | rke | Critical | 9.9 | 2024-10-16 12:17:02 | Deep Dive |