rpm package
suse/openstack-ec2-api&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/openstack-ec2-api&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41136 | — | | | < 5.0.1~dev12-4.9.1 | 5.0.1~dev12-4.9.1 | Oct 12, 2021 | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the p |
| CVE-2020-26298 | — | | | < 5.0.1~dev12-4.9.1 | 5.0.1~dev12-4.9.1 | Jan 11, 2021 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the |
| CVE-2018-1000808 | — | | | < 5.0.1~dev10-4.6.2 | 5.0.1~dev10-4.6.2 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit |
| CVE-2018-1000807 | — | | | < 5.0.1~dev10-4.6.2 | 5.0.1~dev10-4.6.2 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution. This attack appear to be exploitab |