rpm package

suse/openstack-neutron-fwaas-doc&distro=SUSE OpenStack Cloud 7

pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%207

Vulnerabilities (33)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-16770		—	< 9.0.2~dev5-4.6.1	9.0.2~dev5-4.6.1	Dec 5, 2019	In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
CVE-2019-18874		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Nov 12, 2019	psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-16865		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Oct 4, 2019	An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVE-2019-15043		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Sep 3, 2019	In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-15026		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Aug 30, 2019	memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
CVE-2019-0201		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	May 23, 2019	An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuth
CVE-2019-11596		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Apr 29, 2019	In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
CVE-2019-3828		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Mar 27, 2019	Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
CVE-2019-3498		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Jan 9, 2019	In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
CVE-2018-1000115		—	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Mar 5, 2018	Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported
CVE-2017-1000246	Med	5.3	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Nov 17, 2017	Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVE-2017-4967	Med	6.1	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Jun 13, 2017	An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the
CVE-2017-4965	Med	6.1	< 9.0.2~dev5-4.9.4	9.0.2~dev5-4.9.4	Jun 13, 2017	An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the

CVE-2019-16770Dec 5, 2019
affected < 9.0.2~dev5-4.6.1fixed 9.0.2~dev5-4.6.1
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
CVE-2019-18874Nov 12, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-16865Oct 4, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.
CVE-2019-15043Sep 3, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
CVE-2019-15026Aug 30, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
CVE-2019-0201May 23, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuth
CVE-2019-11596Apr 29, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
CVE-2019-3828Mar 27, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
CVE-2019-3498Jan 9, 2019
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
CVE-2018-1000115Mar 5, 2018
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported
CVE-2017-1000246MedNov 17, 2017
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
CVE-2017-4967MedJun 13, 2017
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the
CVE-2017-4965MedJun 13, 2017
affected < 9.0.2~dev5-4.9.4fixed 9.0.2~dev5-4.9.4
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the

Page 2 of 2