rpm package
suse/openstack-neutron-lbaas&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15043 | — | < 9.2.2~dev11-4.18.3 | 9.2.2~dev11-4.18.3 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | ||
| CVE-2019-5477 | — | < 9.2.2~dev11-4.18.3 | 9.2.2~dev11-4.18.3 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a | ||
| CVE-2018-19039 | — | < 9.2.2~dev11-4.18.3 | 9.2.2~dev11-4.18.3 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2018-15727 | — | < 9.2.2~dev11-4.18.3 | 9.2.2~dev11-4.18.3 | Aug 29, 2018 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | ||
| CVE-2017-15139 | — | < 9.2.2~dev11-4.15.3 | 9.2.2~dev11-4.15.3 | Aug 27, 2018 | A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea | ||
| CVE-2016-10127 | Cri | 9.0 | < 9.2.2~dev11-4.18.3 | 9.2.2~dev11-4.18.3 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. |
- CVE-2019-15043Sep 3, 2019affected < 9.2.2~dev11-4.18.3fixed 9.2.2~dev11-4.18.3
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- CVE-2019-5477Aug 16, 2019affected < 9.2.2~dev11-4.18.3fixed 9.2.2~dev11-4.18.3
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
- CVE-2018-19039Dec 13, 2018affected < 9.2.2~dev11-4.18.3fixed 9.2.2~dev11-4.18.3
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- CVE-2018-15727Aug 29, 2018affected < 9.2.2~dev11-4.18.3fixed 9.2.2~dev11-4.18.3
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
- CVE-2017-15139Aug 27, 2018affected < 9.2.2~dev11-4.15.3fixed 9.2.2~dev11-4.15.3
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea
- affected < 9.2.2~dev11-4.18.3fixed 9.2.2~dev11-4.18.3
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.