rpm package

suse/mgr-virtualization&distro=SUSE Manager Client Tools 12

pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012

Vulnerabilities (23)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-10215	—	< 4.1.1-1.14.3	4.1.1-1.14.3	Oct 8, 2019	Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
CVE-2019-15043	—	< 4.1.1-1.14.3	4.1.1-1.14.3	Sep 3, 2019	In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-10136	—	< 4.0.8-1.8.3	4.0.8-1.8.3	Jul 2, 2019	It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

CVE-2019-10215Oct 8, 2019
affected < 4.1.1-1.14.3fixed 4.1.1-1.14.3
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. An attacker could exploit this via user interaction to execute code in the user's browser.
CVE-2019-15043Sep 3, 2019
affected < 4.1.1-1.14.3fixed 4.1.1-1.14.3
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-10136Jul 2, 2019
affected < 4.0.8-1.8.3fixed 4.0.8-1.8.3
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

Page 2 of 2