rpm package
suse/openstack-glance-doc&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15043 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | ||
| CVE-2019-5477 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a | ||
| CVE-2019-13611 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Jul 15, 2019 | An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | ||
| CVE-2019-2628 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2627 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ | ||
| CVE-2019-2614 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | ||
| CVE-2019-9735 | — | < 15.0.3~dev2-3.9.1 | 15.0.3~dev2-3.9.1 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2018-19039 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2018-15727 | — | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Aug 29, 2018 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | ||
| CVE-2018-14432 | — | < 15.0.2~dev4-3.3.3 | 15.0.2~dev4-3.3.3 | Jul 31, 2018 | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access | ||
| CVE-2017-17051 | Hig | 8.6 | < 15.0.3~dev2-3.9.1 | 15.0.3~dev2-3.9.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2016-10127 | Cri | 9.0 | < 15.0.3~dev3-3.12.3 | 15.0.3~dev3-3.12.3 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |
| CVE-2015-3448 | — | < 15.0.3~dev2-3.9.1 | 15.0.3~dev2-3.9.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-15043Sep 3, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- CVE-2019-5477Aug 16, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
- CVE-2019-13611Jul 15, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
- CVE-2019-2628Apr 23, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2627Apr 23, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
- CVE-2019-2614Apr 23, 2019affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- CVE-2019-9735Mar 13, 2019affected < 15.0.3~dev2-3.9.1fixed 15.0.3~dev2-3.9.1
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- CVE-2018-19039Dec 13, 2018affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- CVE-2018-15727Aug 29, 2018affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
- CVE-2018-14432Jul 31, 2018affected < 15.0.2~dev4-3.3.3fixed 15.0.2~dev4-3.3.3
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access
- affected < 15.0.3~dev2-3.9.1fixed 15.0.3~dev2-3.9.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- affected < 15.0.3~dev3-3.12.3fixed 15.0.3~dev3-3.12.3
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
- CVE-2015-3448Apr 29, 2015affected < 15.0.3~dev2-3.9.1fixed 15.0.3~dev2-3.9.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.