rpm package
suse/openstack-horizon-plugin-designate-ui&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/openstack-horizon-plugin-designate-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17954 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Apr 3, 2020 | An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a | ||
| CVE-2019-18901 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li | ||
| CVE-2020-7595 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jan 21, 2020 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | ||
| CVE-2020-2574 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jan 15, 2020 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot | ||
| CVE-2019-16770 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Dec 5, 2019 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p | ||
| CVE-2019-2974 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Oct 16, 2019 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult | ||
| CVE-2019-2938 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Oct 16, 2019 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi | ||
| CVE-2017-1002201 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Oct 15, 2019 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e | ||
| CVE-2019-2805 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu | ||
| CVE-2019-2758 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2740 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi | ||
| CVE-2019-2739 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon | ||
| CVE-2019-2737 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc | ||
| CVE-2019-13117 | — | < 5.0.3~dev2-3.9.3 | 5.0.3~dev2-3.9.3 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | ||
| CVE-2018-14432 | — | < 5.0.2~dev5-3.3.5 | 5.0.2~dev5-3.3.5 | Jul 31, 2018 | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access |
- CVE-2018-17954Apr 3, 2020affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a
- CVE-2019-18901Mar 2, 2020affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers to change the permissions of arbitrary files to 0640. This issue affects: SUSE Li
- CVE-2020-7595Jan 21, 2020affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
- CVE-2020-2574Jan 15, 2020affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
- CVE-2019-16770Dec 5, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
- CVE-2019-2974Oct 16, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mult
- CVE-2019-2938Oct 16, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromi
- CVE-2017-1002201Oct 15, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e
- CVE-2019-2805Jul 23, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu
- CVE-2019-2758Jul 23, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2740Jul 23, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi
- CVE-2019-2739Jul 23, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon
- CVE-2019-2737Jul 23, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc
- CVE-2019-13117Jul 1, 2019affected < 5.0.3~dev2-3.9.3fixed 5.0.3~dev2-3.9.3
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- CVE-2018-14432Jul 31, 2018affected < 5.0.2~dev5-3.3.5fixed 5.0.2~dev5-3.3.5
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access