rpm package
suse/rmt-server&distro=SUSE Linux Enterprise Module for Server Applications 15
pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-18904 | — | < 2.5.2-3.26.1 | 2.5.2-3.26.1 | Apr 3, 2020 | A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applicati | ||
| CVE-2019-11068 | Cri | 9.8 | < 2.1.4-3.17.1 | 2.1.4-3.17.1 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | |
| CVE-2019-5419 | — | < 2.1.4-3.17.1 | 2.1.4-3.17.1 | Mar 27, 2019 | There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | ||
| CVE-2018-16470 | — | < 1.1.1-3.13.1 | 1.1.1-3.13.1 | Nov 13, 2018 | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size. | ||
| CVE-2018-16468 | — | < 1.1.1-3.13.1 | 1.1.1-3.13.1 | Oct 30, 2018 | In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | ||
| CVE-2018-14404 | Med | 6.5 | < 1.1.1-3.13.1 | 1.1.1-3.13.1 | Jul 19, 2018 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 |
- CVE-2019-18904Apr 3, 2020affected < 2.5.2-3.26.1fixed 2.5.2-3.26.1
A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applicati
- affected < 2.1.4-3.17.1fixed 2.1.4-3.17.1
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-5419Mar 27, 2019affected < 2.1.4-3.17.1fixed 2.1.4-3.17.1
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
- CVE-2018-16470Nov 13, 2018affected < 1.1.1-3.13.1fixed 1.1.1-3.13.1
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
- CVE-2018-16468Oct 30, 2018affected < 1.1.1-3.13.1fixed 1.1.1-3.13.1
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
- affected < 1.1.1-3.13.1fixed 1.1.1-3.13.1
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2