rpm package
suse/openstack-sahara&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-17954 | Cri | 9.3 | < 9.0.2~dev15-3.9.2 | 9.0.2~dev15-3.9.2 | Apr 3, 2020 | An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a | |
| CVE-2019-16770 | Med | 5.3 | < 9.0.2~dev15-3.9.2 | 9.0.2~dev15-3.9.2 | Dec 5, 2019 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p | |
| CVE-2019-18874 | Hig | 7.5 | < 9.0.2~dev14-3.6.1 | 9.0.2~dev14-3.6.1 | Nov 12, 2019 | psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | |
| CVE-2019-17134 | Cri | 9.1 | < 9.0.2~dev14-3.6.1 | 9.0.2~dev14-3.6.1 | Oct 8, 2019 | Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent | |
| CVE-2019-13117 | Med | 5.3 | < 9.0.2~dev15-3.9.2 | 9.0.2~dev15-3.9.2 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. |
- affected < 9.0.2~dev15-3.9.2fixed 9.0.2~dev15-3.9.2
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a
- affected < 9.0.2~dev15-3.9.2fixed 9.0.2~dev15-3.9.2
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p
- affected < 9.0.2~dev14-3.6.1fixed 9.0.2~dev14-3.6.1
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
- affected < 9.0.2~dev14-3.6.1fixed 9.0.2~dev14-3.6.1
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent
- affected < 9.0.2~dev15-3.9.2fixed 9.0.2~dev15-3.9.2
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.