rpm package
suse/openstack-horizon-plugin-gbp-ui&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (36)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-40085 | Med | 6.5 | < 14.0.1~dev3-3.9.1 | 14.0.1~dev3-3.9.1 | Aug 31, 2021 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | |
| CVE-2021-38155 | Hig | 7.5 | < 14.0.1~dev3-3.9.1 | 14.0.1~dev3-3.9.1 | Aug 6, 2021 | OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, an | |
| CVE-2021-21419 | Med | 5.3 | < 12.0.1~dev5-3.6.1 | 12.0.1~dev5-3.6.1 | May 7, 2021 | Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts web | |
| CVE-2021-28957 | Med | 6.1 | < 14.0.1~dev3-3.9.1 | 14.0.1~dev3-3.9.1 | Mar 21, 2021 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi | |
| CVE-2020-26298 | Med | 6.8 | < 12.0.1~dev5-3.6.1 | 12.0.1~dev5-3.6.1 | Jan 11, 2021 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the | |
| CVE-2020-27783 | Med | 6.1 | < 14.0.1~dev3-3.9.1 | 14.0.1~dev3-3.9.1 | Dec 3, 2020 | A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |
| CVE-2019-20933 | Cri | 9.8 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Nov 19, 2020 | InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | |
| CVE-2020-24303 | Med | 6.1 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Oct 28, 2020 | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | |
| CVE-2020-26137 | Med | 6.5 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Sep 30, 2020 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | |
| CVE-2020-1734 | Hig | 7.4 | < 14.0.1~dev4-3.12.1 | 14.0.1~dev4-3.12.1 | Mar 3, 2020 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr | |
| CVE-2020-5390 | Hig | 7.5 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Jan 13, 2020 | PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus | |
| CVE-2019-11287 | Hig | 7.5 | < 14.0.1~dev4-3.12.1 | 14.0.1~dev4-3.12.1 | Nov 23, 2019 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP | |
| CVE-2016-10745 | Hig | 8.6 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Apr 8, 2019 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | |
| CVE-2019-10906 | Hig | 8.6 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Apr 7, 2019 | In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. | |
| CVE-2019-8341 | Cri | 9.8 | < 12.0.1~dev3-3.3.4 | 12.0.1~dev3-3.3.4 | Feb 15, 2019 | An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: | |
| CVE-2018-19787 | Med | 6.1 | < 14.0.1~dev3-3.9.1 | 14.0.1~dev3-3.9.1 | Dec 2, 2018 | An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar |
- affected < 14.0.1~dev3-3.9.1fixed 14.0.1~dev3-3.9.1
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.
- affected < 14.0.1~dev3-3.9.1fixed 14.0.1~dev3-3.9.1
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, an
- affected < 12.0.1~dev5-3.6.1fixed 12.0.1~dev5-3.6.1
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts web
- affected < 14.0.1~dev3-3.9.1fixed 14.0.1~dev3-3.9.1
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi
- affected < 12.0.1~dev5-3.6.1fixed 12.0.1~dev5-3.6.1
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the
- affected < 14.0.1~dev3-3.9.1fixed 14.0.1~dev3-3.9.1
A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
- affected < 14.0.1~dev4-3.12.1fixed 14.0.1~dev4-3.12.1
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus
- affected < 14.0.1~dev4-3.12.1fixed 14.0.1~dev4-3.12.1
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
- affected < 12.0.1~dev3-3.3.4fixed 12.0.1~dev3-3.3.4
An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE:
- affected < 14.0.1~dev3-3.9.1fixed 14.0.1~dev3-3.9.1
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar
Page 2 of 2