rpm package
suse/mgr-osad&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28477 | — | < 4.1.5-2.9.4 | 4.1.5-2.9.4 | Jan 19, 2021 | This affects all versions of package immer. | ||
| CVE-2020-26258 | — | < 4.1.5-2.9.4 | 4.1.5-2.9.4 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are | ||
| CVE-2020-26259 | — | < 4.1.5-2.9.4 | 4.1.5-2.9.4 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo | ||
| CVE-2020-25638 | — | < 4.1.6-2.12.2 | 4.1.6-2.12.2 | Dec 2, 2020 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u | ||
| CVE-2020-26217 | — | < 4.1.5-2.9.4 | 4.1.5-2.9.4 | Nov 16, 2020 | XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram | ||
| CVE-2020-11022 | Med | 6.9 | < 4.1.3-2.3.6 | 4.1.3-2.3.6 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
- CVE-2020-28477Jan 19, 2021affected < 4.1.5-2.9.4fixed 4.1.5-2.9.4
This affects all versions of package immer.
- CVE-2020-26258Dec 16, 2020affected < 4.1.5-2.9.4fixed 4.1.5-2.9.4
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are
- CVE-2020-26259Dec 16, 2020affected < 4.1.5-2.9.4fixed 4.1.5-2.9.4
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo
- CVE-2020-25638Dec 2, 2020affected < 4.1.6-2.12.2fixed 4.1.6-2.12.2
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u
- CVE-2020-26217Nov 16, 2020affected < 4.1.5-2.9.4fixed 4.1.5-2.9.4
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram
- affected < 4.1.3-2.3.6fixed 4.1.3-2.3.6
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.