VYPR

rpm package

suse/rubygem-puma&distro=SUSE OpenStack Cloud Crowbar 8

pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Vulnerabilities (56)

  • CVE-2019-15026HigAug 30, 2019
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.

  • CVE-2019-2805MedJul 23, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via mu

  • CVE-2019-2758MedJul 23, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr

  • CVE-2019-2740MedJul 23, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multi

  • CVE-2019-2739MedJul 23, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon

  • CVE-2019-2737MedJul 23, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc

  • CVE-2019-1010083HigJul 17, 2019
    affected < 2.16.0-3.9.1fixed 2.16.0-3.9.1

    The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

  • CVE-2019-13117MedJul 1, 2019
    affected < 2.16.0-3.3.3fixed 2.16.0-3.3.3

    In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.

  • CVE-2019-0201MedMay 23, 2019
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuth

  • CVE-2019-11596HigApr 29, 2019
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.

  • CVE-2019-3828MedMar 27, 2019
    affected < 2.16.0-3.9.1fixed 2.16.0-3.9.1

    Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.

  • CVE-2019-3871MedMar 21, 2019
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of

  • CVE-2018-14626MedNov 29, 2018
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

  • CVE-2018-10851MedNov 29, 2018
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

  • CVE-2017-1000246MedNov 17, 2017
    affected < 2.16.0-3.9.1fixed 2.16.0-3.9.1

    Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

  • CVE-2017-5637HigOct 10, 2017
    affected < 2.16.0-3.6.1fixed 2.16.0-3.6.1

    Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, f

Page 3 of 3