rpm package
suse/rubygem-crowbar-client&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000115 | — | | | < 3.9.2-7.20.1 | 3.9.2-7.20.1 | Mar 5, 2018 | Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported |
| CVE-2017-1000433 | — | | | < 3.9.0-7.14.2 | 3.9.0-7.14.2 | Jan 2, 2018 | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. |
| CVE-2017-1000246 | Med | 5.3 | | < 3.9.2-7.20.1 | 3.9.2-7.20.1 | Nov 17, 2017 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
| CVE-2017-4967 | Med | 6.1 | | < 3.9.2-7.20.1 | 3.9.2-7.20.1 | Jun 13, 2017 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the |
| CVE-2017-4965 | Med | 6.1 | | < 3.9.2-7.20.1 | 3.9.2-7.20.1 | Jun 13, 2017 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the |
| CVE-2016-0775 | Med | 6.5 | | < 3.9.3-7.23.1 | 3.9.3-7.23.1 | Apr 13, 2016 | Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file. |