rpm package
suse/ardana-neutron&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33203 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Jun 8, 2021 | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs te | ||
| CVE-2021-33571 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Jun 8, 2021 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4 | ||
| CVE-2020-10743 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 2, 2021 | It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, | ||
| CVE-2021-31542 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | May 5, 2021 | In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | ||
| CVE-2021-28658 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Apr 6, 2021 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. | ||
| CVE-2021-27358 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Mar 18, 2021 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | ||
| CVE-2019-25025 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Mar 5, 2021 | The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepanci | ||
| CVE-2021-23336 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Feb 15, 2021 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When | ||
| CVE-2020-17516 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Feb 3, 2021 | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted | ||
| CVE-2021-21238 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Jan 21, 2021 | PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Sig | ||
| CVE-2021-21239 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Jan 21, 2021 | PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted | ||
| CVE-2020-29651 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Dec 9, 2020 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | ||
| CVE-2020-24303 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Oct 28, 2020 | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | ||
| CVE-2020-11110 | — | < 9.0+git.1615223676.777f0b3-3.25.2 | 9.0+git.1615223676.777f0b3-3.25.2 | Jul 27, 2020 | Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. | ||
| CVE-2020-10177 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 25, 2020 | Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. | ||
| CVE-2020-11538 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 25, 2020 | In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311. | ||
| CVE-2020-10994 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 25, 2020 | In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | ||
| CVE-2020-10378 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 25, 2020 | In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer. | ||
| CVE-2020-8184 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 19, 2020 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | ||
| CVE-2020-10755 | — | < 9.0+git.1590756257.e09d54f-3.22.2 | 9.0+git.1590756257.e09d54f-3.22.2 | Jun 10, 2020 | An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with th |
- CVE-2021-33203Jun 8, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs te
- CVE-2021-33571Jun 8, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. (validate_ipv4
- CVE-2020-10743Jun 2, 2021affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana,
- CVE-2021-31542May 5, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
- CVE-2021-28658Apr 6, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
- CVE-2021-27358Mar 18, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
- CVE-2019-25025Mar 5, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepanci
- CVE-2021-23336Feb 15, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When
- CVE-2020-17516Feb 3, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted
- CVE-2021-21238Jan 21, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Sig
- CVE-2021-21239Jan 21, 2021affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted
- CVE-2020-29651Dec 9, 2020affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
- CVE-2020-24303Oct 28, 2020affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
- CVE-2020-11110Jul 27, 2020affected < 9.0+git.1615223676.777f0b3-3.25.2fixed 9.0+git.1615223676.777f0b3-3.25.2
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
- CVE-2020-10177Jun 25, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
- CVE-2020-11538Jun 25, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
- CVE-2020-10994Jun 25, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
- CVE-2020-10378Jun 25, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
- CVE-2020-8184Jun 19, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.
- CVE-2020-10755Jun 10, 2020affected < 9.0+git.1590756257.e09d54f-3.22.2fixed 9.0+git.1590756257.e09d54f-3.22.2
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with th
Page 1 of 4