rpm package
suse/rmt-server&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28120 | Med | 5.3 | < 2.13-150200.3.32.1 | 2.13-150200.3.32.1 | Jan 9, 2025 | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | |
| CVE-2024-28103 | — | < 2.17-150200.3.45.1 | 2.17-150200.3.45.1 | Jun 4, 2024 | Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. | ||
| CVE-2023-27530 | — | < 2.13-150200.3.32.1 | 2.13-150200.3.32.1 | Mar 10, 2023 | A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | ||
| CVE-2022-31254 | — | < 2.10-150200.3.29.1 | 2.10-150200.3.29.1 | Feb 7, 2023 | A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt u |
- affected < 2.13-150200.3.32.1fixed 2.13-150200.3.32.1
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
- CVE-2024-28103Jun 4, 2024affected < 2.17-150200.3.45.1fixed 2.17-150200.3.45.1
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
- CVE-2023-27530Mar 10, 2023affected < 2.13-150200.3.32.1fixed 2.13-150200.3.32.1
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
- CVE-2022-31254Feb 7, 2023affected < 2.10-150200.3.29.1fixed 2.10-150200.3.29.1
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt u