VYPR

rpm package

suse/python-susemanager-retail&distro=SUSE Manager Server Module 4.1

pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%20Module%204.1

Vulnerabilities (5)

  • CVE-2020-25592Nov 6, 2020
    affected < 1.0.1602150122.f08af0a-3.3.2fixed 1.0.1602150122.f08af0a-3.3.2

    In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.

  • CVE-2020-17490Nov 6, 2020
    affected < 1.0.1602150122.f08af0a-3.3.2fixed 1.0.1602150122.f08af0a-3.3.2

    The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.

  • CVE-2020-16846KEVNov 6, 2020
    affected < 1.0.1602150122.f08af0a-3.3.2fixed 1.0.1602150122.f08af0a-3.3.2

    An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.

  • CVE-2020-15168Sep 10, 2020
    affected < 1.0.1602150122.f08af0a-3.3.2fixed 1.0.1602150122.f08af0a-3.3.2

    node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have

  • CVE-2020-13692Jun 4, 2020
    affected < 1.0.1605087464.65d1b51-3.6.5fixed 1.0.1605087464.65d1b51-3.6.5

    PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.