rpm package
suse/release-notes-susemanager-proxy&distro=SUSE Manager Retail Branch Server 4.3
pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31129 | — | < 4.3.2-150400.3.9.3 | 4.3.2-150400.3.9.3 | Jul 6, 2022 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried | ||
| CVE-2021-41411 | — | < 4.3.2-150400.3.9.3 | 4.3.2-150400.3.9.3 | Jun 16, 2022 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | ||
| CVE-2021-43138 | — | < 4.3.2-150400.3.9.3 | 4.3.2-150400.3.9.3 | Apr 6, 2022 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | ||
| CVE-2022-0860 | — | < 4.3.2-150400.3.9.3 | 4.3.2-150400.3.9.3 | Mar 11, 2022 | Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | ||
| CVE-2021-42740 | — | < 4.3.2-150400.3.9.3 | 4.3.2-150400.3.9.3 | Oct 21, 2021 | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command wi |
- CVE-2022-31129Jul 6, 2022affected < 4.3.2-150400.3.9.3fixed 4.3.2-150400.3.9.3
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried
- CVE-2021-41411Jun 16, 2022affected < 4.3.2-150400.3.9.3fixed 4.3.2-150400.3.9.3
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
- CVE-2021-43138Apr 6, 2022affected < 4.3.2-150400.3.9.3fixed 4.3.2-150400.3.9.3
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
- CVE-2022-0860Mar 11, 2022affected < 4.3.2-150400.3.9.3fixed 4.3.2-150400.3.9.3
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
- CVE-2021-42740Oct 21, 2021affected < 4.3.2-150400.3.9.3fixed 4.3.2-150400.3.9.3
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command wi