rpm package
suse/crowbar-openstack&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (72)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8611 | — | < 4.0+git.1534254269.ce598a9fe-9.39.1 | 4.0+git.1534254269.ce598a9fe-9.39.1 | Jul 31, 2018 | A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | ||
| CVE-2018-3760 | — | < 4.0+git.1534254269.ce598a9fe-9.39.1 | 4.0+git.1534254269.ce598a9fe-9.39.1 | Jun 26, 2018 | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Spr | ||
| CVE-2018-1000115 | — | < 4.0+git.1522325467.43e431f91-9.30.1 | 4.0+git.1522325467.43e431f91-9.30.1 | Mar 5, 2018 | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported | ||
| CVE-2017-1000433 | — | < 4.0+git.1554887450.ff7c30c1c-9.51.3 | 4.0+git.1554887450.ff7c30c1c-9.51.3 | Jan 2, 2018 | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. | ||
| CVE-2017-11481 | Med | 6.1 | < 4.0+git.1616146720.44daffca0-9.81.2 | 4.0+git.1616146720.44daffca0-9.81.2 | Dec 8, 2017 | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |
| CVE-2017-1000246 | Med | 5.3 | < 4.0+git.1589804581.9972163f0-9.71.4 | 4.0+git.1589804581.9972163f0-9.71.4 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |
| CVE-2017-11499 | Hig | 7.5 | < 4.0+git.1616146720.44daffca0-9.81.2 | 4.0+git.1616146720.44daffca0-9.81.2 | Jul 25, 2017 | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building | |
| CVE-2017-4967 | Med | 6.1 | < 4.0+git.1589804581.9972163f0-9.71.4 | 4.0+git.1589804581.9972163f0-9.71.4 | Jun 13, 2017 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the | |
| CVE-2017-4965 | Med | 6.1 | < 4.0+git.1589804581.9972163f0-9.71.4 | 4.0+git.1589804581.9972163f0-9.71.4 | Jun 13, 2017 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the | |
| CVE-2016-10127 | Cri | 9.0 | < 4.0+git.1569429513.e7016b2b6-9.59.1 | 4.0+git.1569429513.e7016b2b6-9.59.1 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |
| CVE-2016-0775 | Med | 6.5 | < 4.0+git.1599037255.25b759234-9.74.4 | 4.0+git.1599037255.25b759234-9.74.4 | Apr 13, 2016 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. | |
| CVE-2015-3448 | — | < 4.0+git.1574869671.9c7bade2d-9.65.1 | 4.0+git.1574869671.9c7bade2d-9.65.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2016-8611Jul 31, 2018affected < 4.0+git.1534254269.ce598a9fe-9.39.1fixed 4.0+git.1534254269.ce598a9fe-9.39.1
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
- CVE-2018-3760Jun 26, 2018affected < 4.0+git.1534254269.ce598a9fe-9.39.1fixed 4.0+git.1534254269.ce598a9fe-9.39.1
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Spr
- CVE-2018-1000115Mar 5, 2018affected < 4.0+git.1522325467.43e431f91-9.30.1fixed 4.0+git.1522325467.43e431f91-9.30.1
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported
- CVE-2017-1000433Jan 2, 2018affected < 4.0+git.1554887450.ff7c30c1c-9.51.3fixed 4.0+git.1554887450.ff7c30c1c-9.51.3
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
- affected < 4.0+git.1616146720.44daffca0-9.81.2fixed 4.0+git.1616146720.44daffca0-9.81.2
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
- affected < 4.0+git.1589804581.9972163f0-9.71.4fixed 4.0+git.1589804581.9972163f0-9.71.4
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
- affected < 4.0+git.1616146720.44daffca0-9.81.2fixed 4.0+git.1616146720.44daffca0-9.81.2
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building
- affected < 4.0+git.1589804581.9972163f0-9.71.4fixed 4.0+git.1589804581.9972163f0-9.71.4
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the
- affected < 4.0+git.1589804581.9972163f0-9.71.4fixed 4.0+git.1589804581.9972163f0-9.71.4
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the
- affected < 4.0+git.1569429513.e7016b2b6-9.59.1fixed 4.0+git.1569429513.e7016b2b6-9.59.1
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
- affected < 4.0+git.1599037255.25b759234-9.74.4fixed 4.0+git.1599037255.25b759234-9.74.4
Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.
- CVE-2015-3448Apr 29, 2015affected < 4.0+git.1574869671.9c7bade2d-9.65.1fixed 4.0+git.1574869671.9c7bade2d-9.65.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 4 of 4