VYPR

rpm package

suse/rabbitmq-server&distro=SUSE OpenStack Cloud 8

pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%208

Vulnerabilities (7)

  • CVE-2022-34265Jul 4, 2022
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe l

  • CVE-2022-28346Apr 12, 2022
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

  • CVE-2022-24790Mar 30, 2022
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta

  • CVE-2021-44716Jan 1, 2022
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

  • CVE-2021-39226KEVOct 5, 2021
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public

  • CVE-2020-1734Mar 3, 2020
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr

  • CVE-2019-11287Nov 22, 2019
    affected < 3.6.16-3.13.1fixed 3.6.16-3.13.1

    Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP