rpm package
suse/grafana-formula&distro=SUSE Manager Server Module 4.0
pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31607 | — | | | < 0.2.3-4.16.3 | 0.2.3-4.16.3 | Apr 23, 2021 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s |
| CVE-2021-28657 | — | | | < 0.2.3-4.16.3 | 0.2.3-4.16.3 | Mar 31, 2021 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. |
| CVE-2020-13692 | — | | | < 0.2.2-4.13.1 | 0.2.2-4.13.1 | Jun 4, 2020 | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. |
| CVE-2020-7598 | — | | | < 0.2-4.7.2 | 0.2-4.7.2 | Mar 11, 2020 | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. |
| CVE-2018-10936 | — | | | < 0.2.2-4.13.1 | 0.2.2-4.13.1 | Aug 30, 2018 | A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a tru |