rpm package
suse/crowbar-ui&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/crowbar-ui&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1002201 | — | | | < 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | Oct 15, 2019 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e |
| CVE-2019-2628 | — | | | < 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr |
| CVE-2019-2627 | — | | | < 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ |
| CVE-2019-2614 | — | | | < 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | 1.1.0+git.1547500033.d0fb2bf2-4.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces |
| CVE-2016-8611 | — | | | < 1.1.0+git.1533844061.4ac8e723-4.3.1 | 1.1.0+git.1533844061.4ac8e723-4.3.1 | Jul 31, 2018 | A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. |
| CVE-2018-3760 | — | | | < 1.1.0+git.1533844061.4ac8e723-4.3.1 | 1.1.0+git.1533844061.4ac8e723-4.3.1 | Jun 26, 2018 | There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Spr |