rpm package
suse/openstack-ceilometer-doc&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/openstack-ceilometer-doc&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000872 | — | < 7.1.1~dev4-4.15.3 | 7.1.1~dev4-4.15.3 | Dec 20, 2018 | OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. | ||
| CVE-2017-1000433 | Hig | 8.1 | < 7.1.1~dev4-4.15.3 | 7.1.1~dev4-4.15.3 | Jan 2, 2018 | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. | |
| CVE-2017-7400 | Med | 4.8 | < 7.0.4~a0~dev7-3.2 | 7.0.4~a0~dev7-3.2 | Apr 3, 2017 | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |
| CVE-2017-7214 | Cri | 9.8 | < 7.0.4~a0~dev7-3.2 | 7.0.4~a0~dev7-3.2 | Mar 21, 2017 | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization |
- CVE-2018-1000872Dec 20, 2018affected < 7.1.1~dev4-4.15.3fixed 7.1.1~dev4-4.15.3
OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets.
- affected < 7.1.1~dev4-4.15.3fixed 7.1.1~dev4-4.15.3
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
- affected < 7.0.4~a0~dev7-3.2fixed 7.0.4~a0~dev7-3.2
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
- affected < 7.0.4~a0~dev7-3.2fixed 7.0.4~a0~dev7-3.2
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization