rpm package
suse/ardana-input-model&distro=HPE Helion OpenStack 8
pkg:rpm/suse/ardana-input-model&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11068 | — | < 8.0+git.1557418274.fb273dd-3.27.1 | 8.0+git.1557418274.fb273dd-3.27.1 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||
| CVE-2019-10876 | — | < 8.0+git.1557418274.fb273dd-3.27.1 | 8.0+git.1557418274.fb273dd-3.27.1 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-3828 | — | < 8.0+git.1589740934.0e0ad61-3.39.1 | 8.0+git.1589740934.0e0ad61-3.39.1 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2019-9735 | — | < 8.0+git.1562848601.c3daff0-3.30.1 | 8.0+git.1562848601.c3daff0-3.30.1 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2019-6975 | — | < 8.0+git.1557418274.fb273dd-3.27.1 | 8.0+git.1557418274.fb273dd-3.27.1 | Feb 11, 2019 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | ||
| CVE-2019-3498 | — | < 8.0+git.1557418274.fb273dd-3.27.1 | 8.0+git.1557418274.fb273dd-3.27.1 | Jan 9, 2019 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use | ||
| CVE-2018-19039 | — | < 8.0+git.1566517401.98450e6-3.33.3 | 8.0+git.1566517401.98450e6-3.33.3 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2018-15727 | — | < 8.0+git.1566517401.98450e6-3.33.3 | 8.0+git.1566517401.98450e6-3.33.3 | Aug 29, 2018 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | ||
| CVE-2018-14574 | — | < 8.0+git.1557418274.fb273dd-3.27.1 | 8.0+git.1557418274.fb273dd-3.27.1 | Aug 3, 2018 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | ||
| CVE-2016-8611 | — | < 8.0+git.1539086744.5ae1d6f-3.21.2 | 8.0+git.1539086744.5ae1d6f-3.21.2 | Jul 31, 2018 | A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | ||
| CVE-2017-17051 | Hig | 8.6 | < 8.0+git.1562848601.c3daff0-3.30.1 | 8.0+git.1562848601.c3daff0-3.30.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2017-1000246 | Med | 5.3 | < 8.0+git.1589740934.0e0ad61-3.39.1 | 8.0+git.1589740934.0e0ad61-3.39.1 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |
| CVE-2016-10127 | Cri | 9.0 | < 8.0+git.1566517401.98450e6-3.33.3 | 8.0+git.1566517401.98450e6-3.33.3 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |
| CVE-2015-3448 | — | < 8.0+git.1562848601.c3daff0-3.30.1 | 8.0+git.1562848601.c3daff0-3.30.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-11068Apr 10, 2019affected < 8.0+git.1557418274.fb273dd-3.27.1fixed 8.0+git.1557418274.fb273dd-3.27.1
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-10876Apr 5, 2019affected < 8.0+git.1557418274.fb273dd-3.27.1fixed 8.0+git.1557418274.fb273dd-3.27.1
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-3828Mar 27, 2019affected < 8.0+git.1589740934.0e0ad61-3.39.1fixed 8.0+git.1589740934.0e0ad61-3.39.1
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- CVE-2019-9735Mar 13, 2019affected < 8.0+git.1562848601.c3daff0-3.30.1fixed 8.0+git.1562848601.c3daff0-3.30.1
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- CVE-2019-6975Feb 11, 2019affected < 8.0+git.1557418274.fb273dd-3.27.1fixed 8.0+git.1557418274.fb273dd-3.27.1
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
- CVE-2019-3498Jan 9, 2019affected < 8.0+git.1557418274.fb273dd-3.27.1fixed 8.0+git.1557418274.fb273dd-3.27.1
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
- CVE-2018-19039Dec 13, 2018affected < 8.0+git.1566517401.98450e6-3.33.3fixed 8.0+git.1566517401.98450e6-3.33.3
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- CVE-2018-15727Aug 29, 2018affected < 8.0+git.1566517401.98450e6-3.33.3fixed 8.0+git.1566517401.98450e6-3.33.3
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
- CVE-2018-14574Aug 3, 2018affected < 8.0+git.1557418274.fb273dd-3.27.1fixed 8.0+git.1557418274.fb273dd-3.27.1
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
- CVE-2016-8611Jul 31, 2018affected < 8.0+git.1539086744.5ae1d6f-3.21.2fixed 8.0+git.1539086744.5ae1d6f-3.21.2
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
- affected < 8.0+git.1562848601.c3daff0-3.30.1fixed 8.0+git.1562848601.c3daff0-3.30.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- affected < 8.0+git.1589740934.0e0ad61-3.39.1fixed 8.0+git.1589740934.0e0ad61-3.39.1
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
- affected < 8.0+git.1566517401.98450e6-3.33.3fixed 8.0+git.1566517401.98450e6-3.33.3
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
- CVE-2015-3448Apr 29, 2015affected < 8.0+git.1562848601.c3daff0-3.30.1fixed 8.0+git.1562848601.c3daff0-3.30.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 3 of 3