rpm package
suse/rubygem-chef&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/rubygem-chef&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15043 | — | < 10.32.2-5.12.1 | 10.32.2-5.12.1 | Sep 3, 2019 | In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. | ||
| CVE-2019-5477 | — | < 10.32.2-5.12.1 | 10.32.2-5.12.1 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a | ||
| CVE-2018-19039 | — | < 10.32.2-5.12.1 | 10.32.2-5.12.1 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2018-15727 | — | < 10.32.2-5.12.1 | 10.32.2-5.12.1 | Aug 29, 2018 | Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | ||
| CVE-2016-10127 | Cri | 9.0 | < 10.32.2-5.12.1 | 10.32.2-5.12.1 | Mar 3, 2017 | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. |
- CVE-2019-15043Sep 3, 2019affected < 10.32.2-5.12.1fixed 10.32.2-5.12.1
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
- CVE-2019-5477Aug 16, 2019affected < 10.32.2-5.12.1fixed 10.32.2-5.12.1
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input a
- CVE-2018-19039Dec 13, 2018affected < 10.32.2-5.12.1fixed 10.32.2-5.12.1
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- CVE-2018-15727Aug 29, 2018affected < 10.32.2-5.12.1fixed 10.32.2-5.12.1
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
- affected < 10.32.2-5.12.1fixed 10.32.2-5.12.1
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.