rpm package

suse/openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE OpenStack Cloud 8

pkg:rpm/suse/openstack-horizon-plugin-neutron-vpnaas-ui&distro=SUSE%20OpenStack%20Cloud%208

Vulnerabilities (10)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-15043		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Sep 3, 2019	In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-5477		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Aug 16, 2019	A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
CVE-2019-13611		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Jul 15, 2019	An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
CVE-2019-2628		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2627		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
CVE-2019-2614		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Apr 23, 2019	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
CVE-2018-19039		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Dec 13, 2018	Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
CVE-2018-15727		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Aug 29, 2018	Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVE-2016-10127	Cri	9.0	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Mar 3, 2017	PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2015-3448		—	< 1.0.1~dev3-3.6.4	1.0.1~dev3-3.6.4	Apr 29, 2015	REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

CVE-2019-15043Sep 3, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-5477Aug 16, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
CVE-2019-13611Jul 15, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
CVE-2019-2628Apr 23, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
CVE-2019-2627Apr 23, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
CVE-2019-2614Apr 23, 2019
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
CVE-2018-19039Dec 13, 2018
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
CVE-2018-15727Aug 29, 2018
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVE-2016-10127CriMar 3, 2017
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2015-3448Apr 29, 2015
affected < 1.0.1~dev3-3.6.4fixed 1.0.1~dev3-3.6.4
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.