VYPR

rpm package

opensuse/rmt-server&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rmt-server&distro=openSUSE%20Tumbleweed

Vulnerabilities (20)

  • CVE-2023-28120MedJan 9, 2025
    affected < 2.12-1.1fixed 2.12-1.1

    There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

  • CVE-2024-28103Jun 4, 2024
    affected < 2.18-1.1fixed 2.18-1.1

    Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

  • CVE-2023-27530Mar 10, 2023
    affected < 2.12-1.1fixed 2.12-1.1

    A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

  • CVE-2022-31254Feb 7, 2023
    affected < 2.12-1.1fixed 2.12-1.1

    A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt u

  • CVE-2020-15169Sep 11, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS

  • CVE-2020-8166MedJul 2, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

  • CVE-2020-8185Jul 2, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

  • CVE-2020-8167Jun 19, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

  • CVE-2020-8165Jun 19, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

  • CVE-2020-8164Jun 19, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

  • CVE-2020-8184Jun 19, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

  • CVE-2020-11076May 22, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

  • CVE-2019-18904Apr 3, 2020
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applicati

  • CVE-2019-16770Dec 5, 2019
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p

  • CVE-2019-11068CriApr 10, 2019
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

  • CVE-2019-5420Mar 27, 2019
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code ex

  • CVE-2019-5419Mar 27, 2019
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

  • CVE-2018-16470Nov 13, 2018
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.

  • CVE-2018-16468Oct 30, 2018
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

  • CVE-2018-14404MedJul 19, 2018
    affected < 2.6.13-1.1fixed 2.6.13-1.1

    A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2