rpm package
suse/python-oslo.messaging&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/python-oslo.messaging&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1002201 | — | < 5.10.2-3.12.1 | 5.10.2-3.12.1 | Oct 15, 2019 | In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e | ||
| CVE-2019-2628 | — | < 5.10.2-3.12.1 | 5.10.2-3.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2627 | — | < 5.10.2-3.12.1 | 5.10.2-3.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ | ||
| CVE-2019-2614 | — | < 5.10.2-3.12.1 | 5.10.2-3.12.1 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | ||
| CVE-2018-1000805 | — | < 5.10.2-3.9.1 | 5.10.2-3.9.1 | Oct 8, 2018 | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. | ||
| CVE-2017-2592 | — | < 5.10.2-3.6.3 | 5.10.2-3.6.3 | May 8, 2018 | python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from Op |
- CVE-2017-1002201Oct 15, 2019affected < 5.10.2-3.12.1fixed 5.10.2-3.12.1
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially e
- CVE-2019-2628Apr 23, 2019affected < 5.10.2-3.12.1fixed 5.10.2-3.12.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2627Apr 23, 2019affected < 5.10.2-3.12.1fixed 5.10.2-3.12.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
- CVE-2019-2614Apr 23, 2019affected < 5.10.2-3.12.1fixed 5.10.2-3.12.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- CVE-2018-1000805Oct 8, 2018affected < 5.10.2-3.9.1fixed 5.10.2-3.9.1
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
- CVE-2017-2592May 8, 2018affected < 5.10.2-3.6.3fixed 5.10.2-3.6.3
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from Op