rmt-server (SUSE:Linux Enterprise Module for Server Applications 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 SP1 package rmt-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2019-5420 — CVSS 9.8 (critical): A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically…
CVE-2020-8165 — CVSS 9.8 (critical): A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal…
CVE-2019-11068 — CVSS 9.8 (critical): libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon…
CVE-2019-5419 — CVSS 7.5 (high): There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted…
CVE-2020-11076 — CVSS 7.5 (high): In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The…
CVE-2020-8184 — CVSS 7.5 (high): A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is…
CVE-2020-8164 — CVSS 7.5 (high): A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply…
CVE-2020-11077 — CVSS 6.8 (medium): In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to…
CVE-2020-8185 — CVSS 6.5 (medium): A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app…
CVE-2019-18904 — CVSS 6.5 (medium): A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux…
CVE-2020-5247 — CVSS 6.5 (medium): In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can…
CVE-2020-5249 — CVSS 6.5 (medium): In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can…
CVE-2020-8167 — CVSS 6.5 (medium): A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
CVE-2020-15169 — CVSS 5.4 (medium): In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's…
CVE-2019-16770 — CVSS 5.3 (medium): In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a…
CVE-2020-8166 — CVSS 4.3 (medium): A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token…
CVE-2020-5267 — CVSS 4.0 (medium): In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers…