rpm package

suse/image-sync-formula&distro=SUSE Manager Server Module 4.3

pkg:rpm/suse/image-sync-formula&distro=SUSE%20Manager%20Server%20Module%204.3

Vulnerabilities (6)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-51775	—	< 0.1.1711646883.4a44375-150400.3.18.4	0.1.1711646883.4a44375-150400.3.18.4	Dec 25, 2023	The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2022-1415	—	< 0.1.1673279145.e7616bd-150400.3.9.3	0.1.1673279145.e7616bd-150400.3.9.3	Sep 11, 2023	A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
CVE-2023-29409	—	< 0.1.1692188980.9aa0455-150400.3.15.13	0.1.1692188980.9aa0455-150400.3.15.13	Aug 2, 2023	Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
CVE-2022-31248	—	< 0.1.1658330139.861779d-150400.3.3.1	0.1.1658330139.861779d-150400.3.3.1	Jun 22, 2022	A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.
CVE-2021-41411	—	< 0.1.1661440542.6cbe0da-150400.3.6.1	0.1.1661440542.6cbe0da-150400.3.6.1	Jun 16, 2022	drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVE-2022-0860	—	< 0.1.1661440542.6cbe0da-150400.3.6.1	0.1.1661440542.6cbe0da-150400.3.6.1	Mar 11, 2022	Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

CVE-2023-51775Dec 25, 2023
affected < 0.1.1711646883.4a44375-150400.3.18.4fixed 0.1.1711646883.4a44375-150400.3.18.4
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2022-1415Sep 11, 2023
affected < 0.1.1673279145.e7616bd-150400.3.9.3fixed 0.1.1673279145.e7616bd-150400.3.9.3
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
CVE-2023-29409Aug 2, 2023
affected < 0.1.1692188980.9aa0455-150400.3.15.13fixed 0.1.1692188980.9aa0455-150400.3.15.13
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr
CVE-2022-31248Jun 22, 2022
affected < 0.1.1658330139.861779d-150400.3.3.1fixed 0.1.1658330139.861779d-150400.3.3.1
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.
CVE-2021-41411Jun 16, 2022
affected < 0.1.1661440542.6cbe0da-150400.3.6.1fixed 0.1.1661440542.6cbe0da-150400.3.6.1
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVE-2022-0860Mar 11, 2022
affected < 0.1.1661440542.6cbe0da-150400.3.6.1fixed 0.1.1661440542.6cbe0da-150400.3.6.1
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.