VYPR

rpm package

suse/dracut-saltboot&distro=SUSE Manager Client Tools 15

pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015

Vulnerabilities (82)

  • CVE-2022-31107Jul 15, 2022
    affected < 0.1.1661440542.6cbe0da-150000.1.38.1fixed 0.1.1661440542.6cbe0da-150000.1.38.1

    Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take ove

  • CVE-2022-31097Jul 15, 2022
    affected < 0.1.1661440542.6cbe0da-150000.1.38.1fixed 0.1.1661440542.6cbe0da-150000.1.38.1

    Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability

  • CVE-2022-29170May 20, 2022
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with versio

  • CVE-2021-43138Apr 6, 2022
    affected < 0.1.1681904360.84ef141-150000.1.50.1fixed 0.1.1681904360.84ef141-150000.1.50.1

    In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

  • CVE-2021-20180Mar 16, 2022
    affected < 0.1.1657643023.0d694ce-150000.1.35.1fixed 0.1.1657643023.0d694ce-150000.1.35.1

    A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f

  • CVE-2021-3620Mar 3, 2022
    affected < 0.1.1657643023.0d694ce-150000.1.35.1fixed 0.1.1657643023.0d694ce-150000.1.35.1

    A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

  • CVE-2022-0155Jan 10, 2022
    affected < 0.1.1681904360.84ef141-150000.1.50.1fixed 0.1.1681904360.84ef141-150000.1.50.1

    follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

  • CVE-2021-43815Dec 10, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured

  • CVE-2021-43813Dec 10, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi

  • CVE-2021-43798KEVDec 7, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,

  • CVE-2021-41244Nov 15, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana

  • CVE-2021-3918Nov 13, 2021
    affected < 0.1.1681904360.84ef141-150000.1.50.1fixed 0.1.1681904360.84ef141-150000.1.50.1

    json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

  • CVE-2021-41174Nov 3, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user vi

  • CVE-2021-3583Sep 22, 2021
    affected < 0.1.1657643023.0d694ce-150000.1.35.1fixed 0.1.1657643023.0d694ce-150000.1.35.1

    A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special templ

  • CVE-2021-3807Sep 17, 2021
    affected < 0.1.1681904360.84ef141-150000.1.50.1fixed 0.1.1681904360.84ef141-150000.1.50.1

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity

  • CVE-2021-3711Aug 24, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with

  • CVE-2021-36222Jul 22, 2021
    affected < 0.1.1665997480.587fa10-150000.1.41.1fixed 0.1.1665997480.587fa10-150000.1.41.1

    ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a

  • CVE-2021-20191May 26, 2021
    affected < 0.1.1657643023.0d694ce-150000.1.35.1fixed 0.1.1657643023.0d694ce-150000.1.35.1

    A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulne

  • CVE-2021-20178May 26, 2021
    affected < 0.1.1657643023.0d694ce-150000.1.35.1fixed 0.1.1657643023.0d694ce-150000.1.35.1

    A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat f

  • CVE-2021-29622May 19, 2021
    affected < 0.1.1627546504.96a0b3e-1.27.1fixed 0.1.1627546504.96a0b3e-1.27.1

    Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL

Page 3 of 5