VYPR

rpm package

suse/rmt-server&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4

pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4

Vulnerabilities (6)

  • CVE-2025-46727HigMay 7, 2025
    affected < 2.23-150400.3.42.1fixed 2.23-150400.3.42.1

    Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers

  • CVE-2025-32441MedMay 7, 2025
    affected < 2.23-150400.3.42.1fixed 2.23-150400.3.42.1

    Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the

  • CVE-2023-28120MedJan 9, 2025
    affected < 2.13-150400.3.12.1fixed 2.13-150400.3.12.1

    There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.

  • CVE-2024-28103MedJun 4, 2024
    affected < 2.17-150400.3.25.1fixed 2.17-150400.3.25.1

    Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.

  • CVE-2023-27530HigMar 10, 2023
    affected < 2.13-150400.3.12.1fixed 2.13-150400.3.12.1

    A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.

  • CVE-2022-31254HigFeb 7, 2023
    affected < 2.10-150400.3.9.1fixed 2.10-150400.3.9.1

    A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt u