rpm package
suse/ardana-monasca&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (34)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41136 | Low | 3.7 | < 8.0+git.1627997000.6c3bc04-3.30.1 | 8.0+git.1627997000.6c3bc04-3.30.1 | Oct 12, 2021 | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p | |
| CVE-2020-10743 | Med | 4.3 | < 8.0+git.1610740501.5dca121-3.27.1 | 8.0+git.1610740501.5dca121-3.27.1 | Jun 2, 2021 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, | |
| CVE-2021-3281 | Med | 5.3 | < 8.0+git.1610740501.5dca121-3.27.1 | 8.0+git.1610740501.5dca121-3.27.1 | Feb 2, 2021 | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. | |
| CVE-2020-26298 | Med | 6.8 | < 8.0+git.1627997000.6c3bc04-3.30.1 | 8.0+git.1627997000.6c3bc04-3.30.1 | Jan 11, 2021 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the | |
| CVE-2018-17954 | Cri | 9.3 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Apr 3, 2020 | An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a | |
| CVE-2020-9543 | Hig | 8.3 | < 8.0+git.1583944894.38f023a-3.24.1 | 8.0+git.1583944894.38f023a-3.24.1 | Mar 12, 2020 | OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares o | |
| CVE-2019-18901 | Med | 5.1 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li | |
| CVE-2020-5247 | Med | 6.5 | < 8.0+git.1583944894.38f023a-3.24.1 | 8.0+git.1583944894.38f023a-3.24.1 | Feb 28, 2020 | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entir | |
| CVE-2020-7595 | Hig | 7.5 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jan 21, 2020 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | |
| CVE-2020-2574 | Med | 5.9 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jan 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | |
| CVE-2019-16770 | Med | 5.3 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Dec 5, 2019 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p | |
| CVE-2019-2974 | Med | 6.5 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Oct 16, 2019 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | |
| CVE-2019-2938 | Med | 4.4 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Oct 16, 2019 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | |
| CVE-2017-1002201 | Med | 6.1 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Oct 15, 2019 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e | |
| CVE-2019-15026 | Hig | 7.5 | < 8.0+git.1583944894.38f023a-3.24.1 | 8.0+git.1583944894.38f023a-3.24.1 | Aug 30, 2019 | memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c. | |
| CVE-2019-2805 | Med | 6.5 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu | |
| CVE-2019-2758 | Med | 5.5 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2019-2740 | Med | 6.5 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi | |
| CVE-2019-2739 | Med | 5.1 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon | |
| CVE-2019-2737 | Med | 4.9 | < 8.0+git.1572527728.9b34bdf-3.21.3 | 8.0+git.1572527728.9b34bdf-3.21.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc |
- affected < 8.0+git.1627997000.6c3bc04-3.30.1fixed 8.0+git.1627997000.6c3bc04-3.30.1
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p
- affected < 8.0+git.1610740501.5dca121-3.27.1fixed 8.0+git.1610740501.5dca121-3.27.1
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana,
- affected < 8.0+git.1610740501.5dca121-3.27.1fixed 8.0+git.1610740501.5dca121-3.27.1
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
- affected < 8.0+git.1627997000.6c3bc04-3.30.1fixed 8.0+git.1627997000.6c3bc04-3.30.1
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a
- affected < 8.0+git.1583944894.38f023a-3.24.1fixed 8.0+git.1583944894.38f023a-3.24.1
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares o
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li
- affected < 8.0+git.1583944894.38f023a-3.24.1fixed 8.0+git.1583944894.38f023a-3.24.1
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entir
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e
- affected < 8.0+git.1583944894.38f023a-3.24.1fixed 8.0+git.1583944894.38f023a-3.24.1
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon
- affected < 8.0+git.1572527728.9b34bdf-3.21.3fixed 8.0+git.1572527728.9b34bdf-3.21.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc
Page 1 of 2