Manager
This hub aggregates every CVE we track for Manager, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- 29 CVEs tracked
- 3 Critical
- 11 High
- 3 In CISA KEV
Severity distribution
HIGH 11, MEDIUM 11, LOW 4, CRITICAL 3
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Manager.
- CVE-2025-64180: Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU) (score 10.0)
- CVE-2025-54122: Manager-io/Manager allows unauthenticated full read server-side request forgery in "proxy" endpoint (score 10.0)
- CVE-2011-1597: OpenVAS Manager v2.0.3 allows plugin remote code execution. (score 8.8)
- CVE-2019-16967: An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x before 15.0.6 before FreePBX 14.0.10.3. In the Manager module form (html\admin\modules\manager\views\form.php), an unsanitized manag... (score 6.1)
- CVE-2019-3684: susemanager installer creates world-readable swap files (score 5.9)
- CVE-2015-5219: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (inf... (score 7.5)
- CVE-2015-5300: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP ... (score 7.5)
- CVE-2015-5194: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. (score 7.5)
- CVE-2017-7995: Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in ... (score 3.8)
- CVE-2016-4948: Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a... (score 6.1)
- CVE-2016-4949: Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. (score 7.5)
- CVE-2016-4950: Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. (score 7.5)
- CVE-2015-7976: The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a... (score 4.3)
- CVE-2016-4954: The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many s... (score 7.5)
- CVE-2016-4953: ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data ... (score 7.5)
Product normalization is registry-driven with AI assist and human review.