rpm package

suse/openstack-neutron-vpnaas&distro=SUSE OpenStack Cloud 8

pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%208

Vulnerabilities (6)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-11068	—	< 11.0.1~dev5-3.12.1	11.0.1~dev5-3.12.1	Apr 10, 2019	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-10876	—	< 11.0.1~dev5-3.12.1	11.0.1~dev5-3.12.1	Apr 5, 2019	An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
CVE-2019-6975	—	< 11.0.1~dev5-3.12.1	11.0.1~dev5-3.12.1	Feb 11, 2019	Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-3498	—	< 11.0.1~dev5-3.12.1	11.0.1~dev5-3.12.1	Jan 9, 2019	In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
CVE-2018-14574	—	< 11.0.1~dev5-3.12.1	11.0.1~dev5-3.12.1	Aug 3, 2018	django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2018-14432	—	< 11.0.1~dev1-3.3.3	11.0.1~dev1-3.3.3	Jul 31, 2018	In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access

CVE-2019-11068Apr 10, 2019
affected < 11.0.1~dev5-3.12.1fixed 11.0.1~dev5-3.12.1
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2019-10876Apr 5, 2019
affected < 11.0.1~dev5-3.12.1fixed 11.0.1~dev5-3.12.1
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
CVE-2019-6975Feb 11, 2019
affected < 11.0.1~dev5-3.12.1fixed 11.0.1~dev5-3.12.1
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-3498Jan 9, 2019
affected < 11.0.1~dev5-3.12.1fixed 11.0.1~dev5-3.12.1
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
CVE-2018-14574Aug 3, 2018
affected < 11.0.1~dev5-3.12.1fixed 11.0.1~dev5-3.12.1
django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2018-14432Jul 31, 2018
affected < 11.0.1~dev1-3.3.3fixed 11.0.1~dev1-3.3.3
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access