rpm package
suse/ardana-spark&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/ardana-spark&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11068 | Cri | 9.8 | < 8.0+git.1539709555.5b31c25-3.12.1 | 8.0+git.1539709555.5b31c25-3.12.1 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | |
| CVE-2019-10876 | — | < 8.0+git.1539709555.5b31c25-3.12.1 | 8.0+git.1539709555.5b31c25-3.12.1 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-6975 | — | < 8.0+git.1539709555.5b31c25-3.12.1 | 8.0+git.1539709555.5b31c25-3.12.1 | Feb 11, 2019 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | ||
| CVE-2019-3498 | — | < 8.0+git.1539709555.5b31c25-3.12.1 | 8.0+git.1539709555.5b31c25-3.12.1 | Jan 9, 2019 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use | ||
| CVE-2018-14574 | Med | 6.1 | < 8.0+git.1539709555.5b31c25-3.12.1 | 8.0+git.1539709555.5b31c25-3.12.1 | Aug 3, 2018 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |
| CVE-2018-1288 | Med | 5.4 | < 8.0+git.1534267176.a5f3a22-3.6.1 | 8.0+git.1534267176.a5f3a22-3.6.1 | Jul 26, 2018 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. |
- affected < 8.0+git.1539709555.5b31c25-3.12.1fixed 8.0+git.1539709555.5b31c25-3.12.1
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-10876Apr 5, 2019affected < 8.0+git.1539709555.5b31c25-3.12.1fixed 8.0+git.1539709555.5b31c25-3.12.1
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-6975Feb 11, 2019affected < 8.0+git.1539709555.5b31c25-3.12.1fixed 8.0+git.1539709555.5b31c25-3.12.1
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
- CVE-2019-3498Jan 9, 2019affected < 8.0+git.1539709555.5b31c25-3.12.1fixed 8.0+git.1539709555.5b31c25-3.12.1
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
- affected < 8.0+git.1539709555.5b31c25-3.12.1fixed 8.0+git.1539709555.5b31c25-3.12.1
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
- affected < 8.0+git.1534267176.a5f3a22-3.6.1fixed 8.0+git.1534267176.a5f3a22-3.6.1
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.