rpm package
suse/spacewalk-proxy-installer&distro=SUSE Manager Proxy 3.2
pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%203.2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11022 | Med | 6.9 | < 2.8.6.8-3.18.1 | 2.8.6.8-3.18.1 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |
| CVE-2019-3684 | — | < 2.8.6.6-3.12.1 | 2.8.6.6-3.12.1 | May 13, 2019 | SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem | ||
| CVE-2018-17197 | — | < 2.8.6.4-3.6.13 | 2.8.6.4-3.6.13 | Dec 24, 2018 | A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. |
- affected < 2.8.6.8-3.18.1fixed 2.8.6.8-3.18.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
- CVE-2019-3684May 13, 2019affected < 2.8.6.6-3.12.1fixed 2.8.6.6-3.12.1
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem
- CVE-2018-17197Dec 24, 2018affected < 2.8.6.4-3.6.13fixed 2.8.6.4-3.6.13
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.