spacewalk-client-tools (SUSE:Manager Server Module 4.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Server Module 4.1 package spacewalk-client-tools, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2020-25592 — CVSS 9.8 (critical): In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke…
CVE-2020-26217 — CVSS 8.0 (high): XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell…
CVE-2020-25638 — CVSS 7.4 (high): A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA…
CVE-2020-26259 — CVSS 6.8 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2020-26258 — CVSS 6.3 (medium): XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request…
CVE-2020-15168 — CVSS 2.6 (low): node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content…