rpm package
suse/ardana-monasca&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/ardana-monasca&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (49)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10876 | — | < 9.0+git.1556731170.c8210e0-3.3.5 | 9.0+git.1556731170.c8210e0-3.3.5 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-3828 | — | < 9.0+git.1589385256.7fbfaaf-3.19.2 | 9.0+git.1589385256.7fbfaaf-3.19.2 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2019-9740 | — | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Mar 13, 2019 | An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string | ||
| CVE-2019-9735 | — | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2019-7164 | — | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Feb 20, 2019 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | ||
| CVE-2019-7548 | — | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Feb 6, 2019 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | ||
| CVE-2018-19039 | — | < 9.0+git.1556731170.c8210e0-3.3.5 | 9.0+git.1556731170.c8210e0-3.3.5 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2017-17051 | Hig | 8.6 | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 9.0+git.1566332665.ad894c0-3.7.2 | 9.0+git.1566332665.ad894c0-3.7.2 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-10876Apr 5, 2019affected < 9.0+git.1556731170.c8210e0-3.3.5fixed 9.0+git.1556731170.c8210e0-3.3.5
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-3828Mar 27, 2019affected < 9.0+git.1589385256.7fbfaaf-3.19.2fixed 9.0+git.1589385256.7fbfaaf-3.19.2
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- CVE-2019-9740Mar 13, 2019affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string
- CVE-2019-9735Mar 13, 2019affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- CVE-2019-7164Feb 20, 2019affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
- CVE-2019-7548Feb 6, 2019affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
- CVE-2018-19039Dec 13, 2018affected < 9.0+git.1556731170.c8210e0-3.3.5fixed 9.0+git.1556731170.c8210e0-3.3.5
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 9.0+git.1566332665.ad894c0-3.7.2fixed 9.0+git.1566332665.ad894c0-3.7.2
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 3 of 3