VYPR

rpm package

suse/rabbitmq-server&distro=SUSE OpenStack Cloud 9

pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%209

Vulnerabilities (6)

  • CVE-2022-34265CriJul 4, 2022
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe l

  • CVE-2022-28346CriApr 12, 2022
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.

  • CVE-2022-24790CriMar 30, 2022
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta

  • CVE-2021-39226CriKEVOct 5, 2021
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public

  • CVE-2020-1734HigMar 3, 2020
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitr

  • CVE-2019-11287HigNov 23, 2019
    affected < 3.6.16-4.3.1fixed 3.6.16-4.3.1

    Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP