VYPR

rpm package

suse/openstack-ironic&distro=SUSE OpenStack Cloud 8

pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208

Vulnerabilities (25)

  • CVE-2018-1000807HigOct 8, 2018
    affected < 9.1.7~dev7-3.15.3fixed 9.1.7~dev7-3.15.3

    Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab

  • CVE-2018-14574MedAug 3, 2018
    affected < 9.1.8~dev5-3.18.2fixed 9.1.8~dev5-3.18.2

    django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.

  • CVE-2018-14432MedJul 31, 2018
    affected < 9.1.5~dev7-3.6.3fixed 9.1.5~dev7-3.6.3

    In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access

  • CVE-2017-17051HigDec 5, 2017
    affected < 9.1.8~dev7-3.21.2fixed 9.1.8~dev7-3.21.2

    An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This

  • CVE-2015-3448Apr 29, 2015
    affected < 9.1.8~dev7-3.21.2fixed 9.1.8~dev7-3.21.2

    REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.

Page 2 of 2