rpm package
suse/openstack-murano-doc&distro=HPE Helion OpenStack 8
pkg:rpm/suse/openstack-murano-doc&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34265 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Jul 4, 2022 | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe l | ||
| CVE-2022-28346 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Apr 12, 2022 | An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs. | ||
| CVE-2022-24790 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Mar 30, 2022 | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta | ||
| CVE-2021-44716 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Jan 1, 2022 | net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | ||
| CVE-2021-39226 | — | KEV | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Oct 5, 2021 | Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public | |
| CVE-2020-1734 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Mar 3, 2020 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr | ||
| CVE-2019-11287 | — | < 4.0.2~dev3-3.12.1 | 4.0.2~dev3-3.12.1 | Nov 22, 2019 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP | ||
| CVE-2019-9735 | — | < 4.0.2~dev2-3.9.1 | 4.0.2~dev2-3.9.1 | Mar 13, 2019 | An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, | ||
| CVE-2018-1000808 | — | < 4.0.1~dev5-3.6.2 | 4.0.1~dev5-3.6.2 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit | ||
| CVE-2018-1000807 | — | < 4.0.1~dev5-3.6.2 | 4.0.1~dev5-3.6.2 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab | ||
| CVE-2017-17051 | Hig | 8.6 | < 4.0.2~dev2-3.9.1 | 4.0.2~dev2-3.9.1 | Dec 5, 2017 | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This | |
| CVE-2015-3448 | — | < 4.0.2~dev2-3.9.1 | 4.0.2~dev2-3.9.1 | Apr 29, 2015 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. |
- CVE-2022-34265Jul 4, 2022affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe l
- CVE-2022-28346Apr 12, 2022affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
- CVE-2022-24790Mar 30, 2022affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta
- CVE-2021-44716Jan 1, 2022affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
- affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public
- CVE-2020-1734Mar 3, 2020affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr
- CVE-2019-11287Nov 22, 2019affected < 4.0.2~dev3-3.12.1fixed 4.0.2~dev3-3.12.1
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP
- CVE-2019-9735Mar 13, 2019affected < 4.0.2~dev2-3.9.1fixed 4.0.2~dev2-3.9.1
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example,
- CVE-2018-1000808Oct 8, 2018affected < 4.0.1~dev5-3.6.2fixed 4.0.1~dev5-3.6.2
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit
- CVE-2018-1000807Oct 8, 2018affected < 4.0.1~dev5-3.6.2fixed 4.0.1~dev5-3.6.2
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab
- affected < 4.0.2~dev2-3.9.1fixed 4.0.2~dev2-3.9.1
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This
- CVE-2015-3448Apr 29, 2015affected < 4.0.2~dev2-3.9.1fixed 4.0.2~dev2-3.9.1
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.