rpm package
suse/suseRegisterInfo&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25638 | — | < 4.1.4-4.6.2 | 4.1.4-4.6.2 | Dec 2, 2020 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u | ||
| CVE-2020-11022 | Med | 6.9 | < 4.1.3-4.3.6 | 4.1.3-4.3.6 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
- CVE-2020-25638Dec 2, 2020affected < 4.1.4-4.6.2fixed 4.1.4-4.6.2
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u
- affected < 4.1.3-4.3.6fixed 4.1.3-4.3.6
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.