rpm package
suse/openstack-cinder&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (83)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19787 | — | < 13.0.10~dev24-3.34.2 | 13.0.10~dev24-3.34.2 | Dec 2, 2018 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar | ||
| CVE-2017-17051 | Hig | 8.6 | < 13.0.7~dev3-3.7.2 | 13.0.7~dev3-3.7.2 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 13.0.7~dev3-3.7.2 | 13.0.7~dev3-3.7.2 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2018-19787Dec 2, 2018affected < 13.0.10~dev24-3.34.2fixed 13.0.10~dev24-3.34.2
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar
- affected < 13.0.7~dev3-3.7.2fixed 13.0.7~dev3-3.7.2
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 13.0.7~dev3-3.7.2fixed 13.0.7~dev3-3.7.2
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 5 of 5