rpm package
suse/ardana-nova&distro=HPE Helion OpenStack 8
pkg:rpm/suse/ardana-nova&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10875 | — | < 8.0+git.1601298847.dd01585-3.42.1 | 8.0+git.1601298847.dd01585-3.42.1 | Jul 13, 2018 | A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | ||
| CVE-2017-7466 | — | < 8.0+git.1601298847.dd01585-3.42.1 | 8.0+git.1601298847.dd01585-3.42.1 | Jun 22, 2018 | Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi | ||
| CVE-2016-9587 | — | < 8.0+git.1601298847.dd01585-3.42.1 | 8.0+git.1601298847.dd01585-3.42.1 | Apr 24, 2018 | Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi | ||
| CVE-2017-17051 | Hig | 8.6 | < 8.0+git.1565388406.c6abb8d-3.32.1 | 8.0+git.1565388406.c6abb8d-3.32.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2017-7550 | Cri | 9.8 | < 8.0+git.1601298847.dd01585-3.42.1 | 8.0+git.1601298847.dd01585-3.42.1 | Nov 21, 2017 | A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t | |
| CVE-2016-10127 | Cri | 9.0 | < 8.0+git.1566902754.c58ff69-3.35.3 | 8.0+git.1566902754.c58ff69-3.35.3 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |
| CVE-2015-3448 | — | < 8.0+git.1565388406.c6abb8d-3.32.1 | 8.0+git.1565388406.c6abb8d-3.32.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2018-10875Jul 13, 2018affected < 8.0+git.1601298847.dd01585-3.42.1fixed 8.0+git.1601298847.dd01585-3.42.1
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
- CVE-2017-7466Jun 22, 2018affected < 8.0+git.1601298847.dd01585-3.42.1fixed 8.0+git.1601298847.dd01585-3.42.1
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbi
- CVE-2016-9587Apr 24, 2018affected < 8.0+git.1601298847.dd01585-3.42.1fixed 8.0+git.1601298847.dd01585-3.42.1
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use thi
- affected < 8.0+git.1565388406.c6abb8d-3.32.1fixed 8.0+git.1565388406.c6abb8d-3.32.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- affected < 8.0+git.1601298847.dd01585-3.42.1fixed 8.0+git.1601298847.dd01585-3.42.1
A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords t
- affected < 8.0+git.1566902754.c58ff69-3.35.3fixed 8.0+git.1566902754.c58ff69-3.35.3
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
- CVE-2015-3448Apr 29, 2015affected < 8.0+git.1565388406.c6abb8d-3.32.1fixed 8.0+git.1565388406.c6abb8d-3.32.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 5 of 5