rpm package
suse/openstack-neutron-fwaas&distro=SUSE OpenStack Cloud Crowbar 9
pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17954 | — | < 13.0.3~dev4-3.9.2 | 13.0.3~dev4-3.9.2 | Apr 3, 2020 | An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a | ||
| CVE-2019-16770 | — | < 13.0.3~dev4-3.9.2 | 13.0.3~dev4-3.9.2 | Dec 5, 2019 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p | ||
| CVE-2019-15043 | — | < 13.0.3~dev2-3.6.3 | 13.0.3~dev2-3.6.3 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | ||
| CVE-2019-13117 | — | < 13.0.3~dev4-3.9.2 | 13.0.3~dev4-3.9.2 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | ||
| CVE-2019-11068 | — | < 13.0.2~dev14-3.3.7 | 13.0.2~dev14-3.3.7 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||
| CVE-2019-10876 | — | < 13.0.2~dev14-3.3.7 | 13.0.2~dev14-3.3.7 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-3871 | — | < 13.0.3~dev2-3.6.3 | 13.0.3~dev2-3.6.3 | Mar 21, 2019 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of | ||
| CVE-2018-19039 | — | < 13.0.2~dev14-3.3.7 | 13.0.2~dev14-3.3.7 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. |
- CVE-2018-17954Apr 3, 2020affected < 13.0.3~dev4-3.9.2fixed 13.0.3~dev4-3.9.2
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a
- CVE-2019-16770Dec 5, 2019affected < 13.0.3~dev4-3.9.2fixed 13.0.3~dev4-3.9.2
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
- CVE-2019-15043Sep 3, 2019affected < 13.0.3~dev2-3.6.3fixed 13.0.3~dev2-3.6.3
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- CVE-2019-13117Jul 1, 2019affected < 13.0.3~dev4-3.9.2fixed 13.0.3~dev4-3.9.2
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- CVE-2019-11068Apr 10, 2019affected < 13.0.2~dev14-3.3.7fixed 13.0.2~dev14-3.3.7
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-10876Apr 5, 2019affected < 13.0.2~dev14-3.3.7fixed 13.0.2~dev14-3.3.7
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-3871Mar 21, 2019affected < 13.0.3~dev2-3.6.3fixed 13.0.3~dev2-3.6.3
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of
- CVE-2018-19039Dec 13, 2018affected < 13.0.2~dev14-3.3.7fixed 13.0.2~dev14-3.3.7
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.