rpm package
suse/susemanager-build-keys&distro=SUSE Manager Server Module 4.1
pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31607 | — | < 15.2.4-3.17.1 | 15.2.4-3.17.1 | Apr 23, 2021 | In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s | ||
| CVE-2021-28657 | — | < 15.2.4-3.17.1 | 15.2.4-3.17.1 | Mar 31, 2021 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | ||
| CVE-2020-25592 | — | < 15.2.2-3.6.3 | 15.2.2-3.6.3 | Nov 6, 2020 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | ||
| CVE-2020-17490 | — | < 15.2.2-3.6.3 | 15.2.2-3.6.3 | Nov 6, 2020 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | ||
| CVE-2020-16846 | — | KEV | < 15.2.2-3.6.3 | 15.2.2-3.6.3 | Nov 6, 2020 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. | |
| CVE-2020-15168 | — | < 15.2.2-3.6.3 | 15.2.2-3.6.3 | Sep 10, 2020 | node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have | ||
| CVE-2019-14900 | — | < 15.2.1-3.3.2 | 15.2.1-3.3.2 | Jul 6, 2020 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacke |
- CVE-2021-31607Apr 23, 2021affected < 15.2.4-3.17.1fixed 15.2.4-3.17.1
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s
- CVE-2021-28657Mar 31, 2021affected < 15.2.4-3.17.1fixed 15.2.4-3.17.1
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
- CVE-2020-25592Nov 6, 2020affected < 15.2.2-3.6.3fixed 15.2.2-3.6.3
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
- CVE-2020-17490Nov 6, 2020affected < 15.2.2-3.6.3fixed 15.2.2-3.6.3
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
- affected < 15.2.2-3.6.3fixed 15.2.2-3.6.3
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
- CVE-2020-15168Sep 10, 2020affected < 15.2.2-3.6.3fixed 15.2.2-3.6.3
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have
- CVE-2019-14900Jul 6, 2020affected < 15.2.1-3.3.2fixed 15.2.1-3.3.2
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacke