rpm package
suse/crowbar-core&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-7548 | — | < 6.0+git.1566321308.1de18b9a4-3.7.2 | 6.0+git.1566321308.1de18b9a4-3.7.2 | Feb 6, 2019 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. | ||
| CVE-2018-19039 | — | < 6.0+git.1562154525.5e2983308-3.3.8 | 6.0+git.1562154525.5e2983308-3.3.8 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2017-17051 | Hig | 8.6 | < 6.0+git.1566321308.1de18b9a4-3.7.2 | 6.0+git.1566321308.1de18b9a4-3.7.2 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 6.0+git.1566321308.1de18b9a4-3.7.2 | 6.0+git.1566321308.1de18b9a4-3.7.2 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-7548Feb 6, 2019affected < 6.0+git.1566321308.1de18b9a4-3.7.2fixed 6.0+git.1566321308.1de18b9a4-3.7.2
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
- CVE-2018-19039Dec 13, 2018affected < 6.0+git.1562154525.5e2983308-3.3.8fixed 6.0+git.1562154525.5e2983308-3.3.8
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- affected < 6.0+git.1566321308.1de18b9a4-3.7.2fixed 6.0+git.1566321308.1de18b9a4-3.7.2
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 6.0+git.1566321308.1de18b9a4-3.7.2fixed 6.0+git.1566321308.1de18b9a4-3.7.2
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 4 of 4