rpm package
suse/galera-3&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/galera-3&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15043 | Hig | 7.5 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | |
| CVE-2019-5477 | Cri | 9.8 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a | |
| CVE-2019-13611 | Hig | 8.8 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Jul 16, 2019 | An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | |
| CVE-2019-2628 | Med | 4.9 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2019-2627 | Med | 4.9 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ | |
| CVE-2019-2614 | Med | 4.4 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | |
| CVE-2018-19039 | Med | 6.5 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | |
| CVE-2018-3284 | Med | 4.4 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com | |
| CVE-2018-3282 | Med | 4.9 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacke | |
| CVE-2018-3277 | Med | 4.9 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2018-3251 | Med | 6.5 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p | |
| CVE-2018-3200 | Med | 4.9 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2018-3185 | Med | 5.5 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2018-3174 | Med | 5.3 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with | |
| CVE-2018-3173 | Med | 4.9 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2018-3162 | Med | 4.9 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | |
| CVE-2018-3156 | Med | 6.5 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p | |
| CVE-2018-3143 | Med | 6.5 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Oct 17, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p | |
| CVE-2018-15727 | Cri | 9.8 | < 25.3.25-4.6.3 | 25.3.25-4.6.3 | Aug 29, 2018 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | |
| CVE-2018-3066 | Low | 3.3 | < 25.3.24-4.3.1 | 25.3.24-4.3.1 | Jul 18, 2018 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access vi |
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to com
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacke
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
- affected < 25.3.25-4.6.3fixed 25.3.25-4.6.3
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
- affected < 25.3.24-4.3.1fixed 25.3.24-4.3.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access vi
Page 1 of 2