rpm package
suse/openstack-ironic-doc&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000807 | Hig | 8.1 | < 9.1.7~dev7-3.15.2 | 9.1.7~dev7-3.15.2 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab | |
| CVE-2018-14574 | Med | 6.1 | < 9.1.8~dev5-3.18.1 | 9.1.8~dev5-3.18.1 | Aug 3, 2018 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |
| CVE-2018-14432 | Med | 5.3 | < 9.1.5~dev7-3.6.3 | 9.1.5~dev7-3.6.3 | Jul 31, 2018 | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access | |
| CVE-2017-17051 | Hig | 8.6 | < 9.1.8~dev7-3.21.1 | 9.1.8~dev7-3.21.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 9.1.8~dev7-3.21.1 | 9.1.8~dev7-3.21.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- affected < 9.1.7~dev7-3.15.2fixed 9.1.7~dev7-3.15.2
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab
- affected < 9.1.8~dev5-3.18.1fixed 9.1.8~dev5-3.18.1
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
- affected < 9.1.5~dev7-3.6.3fixed 9.1.5~dev7-3.6.3
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access
- affected < 9.1.8~dev7-3.21.1fixed 9.1.8~dev7-3.21.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 9.1.8~dev7-3.21.1fixed 9.1.8~dev7-3.21.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
Page 2 of 2