rpm package

suse/python-susemanager-retail&distro=SUSE Manager Server 3.2

pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%203.2

Vulnerabilities (3)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-11022	Med	6.9	< 1.0.1584363976.36bce64-2.12.1	1.0.1584363976.36bce64-2.12.1	Apr 29, 2020	In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2018-17197		—	< 1.0.1544459934.07229ad-2.9.13	1.0.1544459934.07229ad-2.9.13	Dec 24, 2018	A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
CVE-2018-11761		—	< 1.0.1542643545.8752d17-2.6.3	1.0.1542643545.8752d17-2.6.3	Sep 19, 2018	In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

CVE-2020-11022MedApr 29, 2020
affected < 1.0.1584363976.36bce64-2.12.1fixed 1.0.1584363976.36bce64-2.12.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2018-17197Dec 24, 2018
affected < 1.0.1544459934.07229ad-2.9.13fixed 1.0.1544459934.07229ad-2.9.13
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
CVE-2018-11761Sep 19, 2018
affected < 1.0.1542643545.8752d17-2.6.3fixed 1.0.1542643545.8752d17-2.6.3
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.