rpm package
suse/spacewalk-client-tools&distro=SUSE Manager Proxy Module 4.1
pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.1
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28477 | — | < 4.1.9-4.12.4 | 4.1.9-4.12.4 | Jan 19, 2021 | This affects all versions of package immer. | ||
| CVE-2020-26258 | — | < 4.1.9-4.12.4 | 4.1.9-4.12.4 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are | ||
| CVE-2020-26259 | — | < 4.1.9-4.12.4 | 4.1.9-4.12.4 | Dec 16, 2020 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo | ||
| CVE-2020-26217 | — | < 4.1.9-4.12.4 | 4.1.9-4.12.4 | Nov 16, 2020 | XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram | ||
| CVE-2020-25592 | — | < 4.1.7-4.6.4 | 4.1.7-4.6.4 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | ||
| CVE-2020-17490 | — | < 4.1.7-4.6.4 | 4.1.7-4.6.4 | Nov 6, 2020 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | ||
| CVE-2020-16846 | — | KEV | < 4.1.7-4.6.4 | 4.1.7-4.6.4 | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |
| CVE-2020-15168 | — | < 4.1.7-4.6.4 | 4.1.7-4.6.4 | Sep 10, 2020 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have |
- CVE-2020-28477Jan 19, 2021affected < 4.1.9-4.12.4fixed 4.1.9-4.12.4
This affects all versions of package immer.
- CVE-2020-26258Dec 16, 2020affected < 4.1.9-4.12.4fixed 4.1.9-4.12.4
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are
- CVE-2020-26259Dec 16, 2020affected < 4.1.9-4.12.4fixed 4.1.9-4.12.4
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as lo
- CVE-2020-26217Nov 16, 2020affected < 4.1.9-4.12.4fixed 4.1.9-4.12.4
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Fram
- CVE-2020-25592Nov 6, 2020affected < 4.1.7-4.6.4fixed 4.1.7-4.6.4
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- CVE-2020-17490Nov 6, 2020affected < 4.1.7-4.6.4fixed 4.1.7-4.6.4
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- affected < 4.1.7-4.6.4fixed 4.1.7-4.6.4
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- CVE-2020-15168Sep 10, 2020affected < 4.1.7-4.6.4fixed 4.1.7-4.6.4
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have