rpm package
suse/caasp-openstack-heat-templates&distro=HPE Helion OpenStack 8
pkg:rpm/suse/caasp-openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1010083 | — | < 1.0+git.1560518045.ad7dc6d-4.18.1 | 1.0+git.1560518045.ad7dc6d-4.18.1 | Jul 17, 2019 | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. | ||
| CVE-2019-3828 | — | < 1.0+git.1560518045.ad7dc6d-4.18.1 | 1.0+git.1560518045.ad7dc6d-4.18.1 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2019-9735 | — | < 1.0+git.1560518045.ad7dc6d-4.15.1 | 1.0+git.1560518045.ad7dc6d-4.15.1 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2017-17051 | Hig | 8.6 | < 1.0+git.1560518045.ad7dc6d-4.15.1 | 1.0+git.1560518045.ad7dc6d-4.15.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2017-1000246 | Med | 5.3 | < 1.0+git.1560518045.ad7dc6d-4.18.1 | 1.0+git.1560518045.ad7dc6d-4.18.1 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |
| CVE-2015-3448 | — | < 1.0+git.1560518045.ad7dc6d-4.15.1 | 1.0+git.1560518045.ad7dc6d-4.15.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-1010083Jul 17, 2019affected < 1.0+git.1560518045.ad7dc6d-4.18.1fixed 1.0+git.1560518045.ad7dc6d-4.18.1
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
- CVE-2019-3828Mar 27, 2019affected < 1.0+git.1560518045.ad7dc6d-4.18.1fixed 1.0+git.1560518045.ad7dc6d-4.18.1
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- CVE-2019-9735Mar 13, 2019affected < 1.0+git.1560518045.ad7dc6d-4.15.1fixed 1.0+git.1560518045.ad7dc6d-4.15.1
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- affected < 1.0+git.1560518045.ad7dc6d-4.15.1fixed 1.0+git.1560518045.ad7dc6d-4.15.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- affected < 1.0+git.1560518045.ad7dc6d-4.18.1fixed 1.0+git.1560518045.ad7dc6d-4.18.1
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
- CVE-2015-3448Apr 29, 2015affected < 1.0+git.1560518045.ad7dc6d-4.15.1fixed 1.0+git.1560518045.ad7dc6d-4.15.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 2 of 2