rpm package
suse/uyuni-proxy-systemd-services&distro=SUSE Manager Client Tools for SLE Micro 5
pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-31097 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Jul 15, 2022 | Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability | ||
| CVE-2022-29170 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | May 20, 2022 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with versio | ||
| CVE-2021-43138 | — | < 4.3.10-150000.1.15.1 | 4.3.10-150000.1.15.1 | Apr 6, 2022 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | ||
| CVE-2022-0155 | — | < 4.3.10-150000.1.15.1 | 4.3.10-150000.1.15.1 | Jan 10, 2022 | follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor | ||
| CVE-2021-43815 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Dec 10, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured | ||
| CVE-2021-43813 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Dec 10, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi | ||
| CVE-2021-43798 | — | KEV | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Dec 7, 2021 | Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, | |
| CVE-2021-41244 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Nov 15, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana | ||
| CVE-2021-3918 | — | < 4.3.10-150000.1.15.1 | 4.3.10-150000.1.15.1 | Nov 13, 2021 | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||
| CVE-2021-41174 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Nov 3, 2021 | Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user vi | ||
| CVE-2021-3807 | — | < 4.3.10-150000.1.15.1 | 4.3.10-150000.1.15.1 | Sep 17, 2021 | ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||
| CVE-2021-3711 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Aug 24, 2021 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with | ||
| CVE-2021-36222 | — | < 4.3.7-150000.1.9.3 | 4.3.7-150000.1.9.3 | Jul 22, 2021 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a | ||
| CVE-2020-7753 | — | < 4.3.10-150000.1.15.1 | 4.3.10-150000.1.15.1 | Oct 27, 2020 | All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | ||
| CVE-2020-14365 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | Sep 23, 2020 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default be | ||
| CVE-2020-14332 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | Sep 11, 2020 | A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is t | ||
| CVE-2020-14330 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | Sep 11, 2020 | An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other user | ||
| CVE-2020-10744 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | May 15, 2020 | An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18 | ||
| CVE-2020-1753 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | Mar 16, 2020 | A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are | ||
| CVE-2016-8614 | — | < 4.3.12-150000.1.21.2 | 4.3.12-150000.1.21.2 | Jul 31, 2018 | A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key. |
- CVE-2022-31097Jul 15, 2022affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability
- CVE-2022-29170May 20, 2022affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with versio
- CVE-2021-43138Apr 6, 2022affected < 4.3.10-150000.1.15.1fixed 4.3.10-150000.1.15.1
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
- CVE-2022-0155Jan 10, 2022affected < 4.3.10-150000.1.15.1fixed 4.3.10-150000.1.15.1
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2021-43815Dec 10, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured
- CVE-2021-43813Dec 10, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files wi
- affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`,
- CVE-2021-41244Nov 15, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana
- CVE-2021-3918Nov 13, 2021affected < 4.3.10-150000.1.15.1fixed 4.3.10-150000.1.15.1
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- CVE-2021-41174Nov 3, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user vi
- CVE-2021-3807Sep 17, 2021affected < 4.3.10-150000.1.15.1fixed 4.3.10-150000.1.15.1
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
- CVE-2021-3711Aug 24, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with
- CVE-2021-36222Jul 22, 2021affected < 4.3.7-150000.1.9.3fixed 4.3.7-150000.1.9.3
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a
- CVE-2020-7753Oct 27, 2020affected < 4.3.10-150000.1.15.1fixed 4.3.10-150000.1.15.1
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
- CVE-2020-14365Sep 23, 2020affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default be
- CVE-2020-14332Sep 11, 2020affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is t
- CVE-2020-14330Sep 11, 2020affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other user
- CVE-2020-10744May 15, 2020affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18
- CVE-2020-1753Mar 16, 2020affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are
- CVE-2016-8614Jul 31, 2018affected < 4.3.12-150000.1.21.2fixed 4.3.12-150000.1.21.2
A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.
Page 2 of 3