rpm package
suse/spacecmd&distro=SUSE Manager Proxy Module 4.1
pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-21698 | — | < 4.1.18-150200.4.39.3 | 4.1.18-150200.4.39.3 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde | ||
| CVE-2020-25592 | — | < 4.1.8-4.9.2 | 4.1.8-4.9.2 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | ||
| CVE-2020-17490 | — | < 4.1.8-4.9.2 | 4.1.8-4.9.2 | Nov 6, 2020 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | ||
| CVE-2020-16846 | — | KEV | < 4.1.8-4.9.2 | 4.1.8-4.9.2 | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |
| CVE-2020-15168 | — | < 4.1.8-4.9.2 | 4.1.8-4.9.2 | Sep 10, 2020 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have | ||
| CVE-2020-11022 | Med | 6.9 | < 4.1.6-4.3.6 | 4.1.6-4.3.6 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
- CVE-2022-21698Feb 15, 2022affected < 4.1.18-150200.4.39.3fixed 4.1.18-150200.4.39.3
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde
- CVE-2020-25592Nov 6, 2020affected < 4.1.8-4.9.2fixed 4.1.8-4.9.2
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- CVE-2020-17490Nov 6, 2020affected < 4.1.8-4.9.2fixed 4.1.8-4.9.2
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- affected < 4.1.8-4.9.2fixed 4.1.8-4.9.2
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- CVE-2020-15168Sep 10, 2020affected < 4.1.8-4.9.2fixed 4.1.8-4.9.2
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have
- affected < 4.1.6-4.3.6fixed 4.1.6-4.3.6
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.