VYPR

rpm package

suse/uyuni-common-libs&distro=SUSE Manager Server Module 4.1

pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.1

Vulnerabilities (4)

  • CVE-2021-31607Apr 23, 2021
    affected < 4.1.8-3.9.1fixed 4.1.8-3.9.1

    In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the s

  • CVE-2021-28657Mar 31, 2021
    affected < 4.1.8-3.9.1fixed 4.1.8-3.9.1

    A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.

  • CVE-2020-25638Dec 2, 2020
    affected < 4.1.10-3.15.1fixed 4.1.10-3.15.1

    A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access u

  • CVE-2020-11022MedApr 29, 2020
    affected < 4.1.6-3.3.6fixed 4.1.6-3.3.6

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.