rpm package
suse/python-waitress&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15043 | — | < 1.4.3-3.3.1 | 1.4.3-3.3.1 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | ||
| CVE-2019-1010083 | — | < 1.4.3-3.3.1 | 1.4.3-3.3.1 | Jul 17, 2019 | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. | ||
| CVE-2019-3828 | — | < 1.4.3-3.3.1 | 1.4.3-3.3.1 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2017-1000246 | Med | 5.3 | < 1.4.3-3.3.1 | 1.4.3-3.3.1 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
- CVE-2019-15043Sep 3, 2019affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- CVE-2019-1010083Jul 17, 2019affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
- CVE-2019-3828Mar 27, 2019affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- affected < 1.4.3-3.3.1fixed 1.4.3-3.3.1
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Page 2 of 2