rpm package
suse/caasp-openstack-heat-templates&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/caasp-openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1002201 | — | < 1.0+git.1560518045.ad7dc6d-1.9.1 | 1.0+git.1560518045.ad7dc6d-1.9.1 | Oct 15, 2019 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e | ||
| CVE-2019-2628 | — | < 1.0+git.1560518045.ad7dc6d-1.9.1 | 1.0+git.1560518045.ad7dc6d-1.9.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2627 | — | < 1.0+git.1560518045.ad7dc6d-1.9.1 | 1.0+git.1560518045.ad7dc6d-1.9.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ | ||
| CVE-2019-2614 | — | < 1.0+git.1560518045.ad7dc6d-1.9.1 | 1.0+git.1560518045.ad7dc6d-1.9.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | ||
| CVE-2018-1000872 | — | < 1.0+git.1553079189.3bf8922-1.6.2 | 1.0+git.1553079189.3bf8922-1.6.2 | Dec 20, 2018 | OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. | ||
| CVE-2017-1000433 | — | < 1.0+git.1553079189.3bf8922-1.6.2 | 1.0+git.1553079189.3bf8922-1.6.2 | Jan 2, 2018 | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. |
- CVE-2017-1002201Oct 15, 2019affected < 1.0+git.1560518045.ad7dc6d-1.9.1fixed 1.0+git.1560518045.ad7dc6d-1.9.1
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e
- CVE-2019-2628Apr 23, 2019affected < 1.0+git.1560518045.ad7dc6d-1.9.1fixed 1.0+git.1560518045.ad7dc6d-1.9.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2627Apr 23, 2019affected < 1.0+git.1560518045.ad7dc6d-1.9.1fixed 1.0+git.1560518045.ad7dc6d-1.9.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
- CVE-2019-2614Apr 23, 2019affected < 1.0+git.1560518045.ad7dc6d-1.9.1fixed 1.0+git.1560518045.ad7dc6d-1.9.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- CVE-2018-1000872Dec 20, 2018affected < 1.0+git.1553079189.3bf8922-1.6.2fixed 1.0+git.1553079189.3bf8922-1.6.2
OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets.
- CVE-2017-1000433Jan 2, 2018affected < 1.0+git.1553079189.3bf8922-1.6.2fixed 1.0+git.1553079189.3bf8922-1.6.2
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.