rpm package
suse/zypp-plugin-spacewalk&distro=SUSE Manager Proxy 3.2
pkg:rpm/suse/zypp-plugin-spacewalk&distro=SUSE%20Manager%20Proxy%203.2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11022 | Med | 6.9 | < 1.0.7-3.13.1 | 1.0.7-3.13.1 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |
| CVE-2019-3684 | — | < 1.0.5-3.7.1 | 1.0.5-3.7.1 | May 13, 2019 | SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem |
- affected < 1.0.7-3.13.1fixed 1.0.7-3.13.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
- CVE-2019-3684May 13, 2019affected < 1.0.5-3.7.1fixed 1.0.5-3.7.1
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem