rpm package
suse/openstack-monasca-api&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/openstack-monasca-api&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11068 | — | < 2.2.1~dev26-3.12.2 | 2.2.1~dev26-3.12.2 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||
| CVE-2019-10876 | — | < 2.2.1~dev26-3.12.2 | 2.2.1~dev26-3.12.2 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-9735 | — | < 2.2.2~dev1-3.15.2 | 2.2.2~dev1-3.15.2 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2019-6975 | — | < 2.2.1~dev26-3.12.2 | 2.2.1~dev26-3.12.2 | Feb 11, 2019 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | ||
| CVE-2019-3498 | — | < 2.2.1~dev26-3.12.2 | 2.2.1~dev26-3.12.2 | Jan 9, 2019 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use | ||
| CVE-2018-1000808 | — | < 2.2.1~dev25-3.9.3 | 2.2.1~dev25-3.9.3 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit | ||
| CVE-2018-1000807 | — | < 2.2.1~dev25-3.9.3 | 2.2.1~dev25-3.9.3 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab | ||
| CVE-2018-14574 | — | < 2.2.1~dev26-3.12.2 | 2.2.1~dev26-3.12.2 | Aug 3, 2018 | django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | ||
| CVE-2018-1288 | — | < 2.2.1~dev24-3.6.1 | 2.2.1~dev24-3.6.1 | Jul 26, 2018 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | ||
| CVE-2017-17051 | Hig | 8.6 | < 2.2.2~dev1-3.15.2 | 2.2.2~dev1-3.15.2 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 2.2.2~dev1-3.15.2 | 2.2.2~dev1-3.15.2 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2019-11068Apr 10, 2019affected < 2.2.1~dev26-3.12.2fixed 2.2.1~dev26-3.12.2
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-10876Apr 5, 2019affected < 2.2.1~dev26-3.12.2fixed 2.2.1~dev26-3.12.2
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-9735Mar 13, 2019affected < 2.2.2~dev1-3.15.2fixed 2.2.2~dev1-3.15.2
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- CVE-2019-6975Feb 11, 2019affected < 2.2.1~dev26-3.12.2fixed 2.2.1~dev26-3.12.2
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
- CVE-2019-3498Jan 9, 2019affected < 2.2.1~dev26-3.12.2fixed 2.2.1~dev26-3.12.2
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
- CVE-2018-1000808Oct 8, 2018affected < 2.2.1~dev25-3.9.3fixed 2.2.1~dev25-3.9.3
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit
- CVE-2018-1000807Oct 8, 2018affected < 2.2.1~dev25-3.9.3fixed 2.2.1~dev25-3.9.3
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab
- CVE-2018-14574Aug 3, 2018affected < 2.2.1~dev26-3.12.2fixed 2.2.1~dev26-3.12.2
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
- CVE-2018-1288Jul 26, 2018affected < 2.2.1~dev24-3.6.1fixed 2.2.1~dev24-3.6.1
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
- affected < 2.2.2~dev1-3.15.2fixed 2.2.2~dev1-3.15.2
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 2.2.2~dev1-3.15.2fixed 2.2.2~dev1-3.15.2
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.