VYPR

rpm package

suse/venv-openstack-monasca&distro=SUSE OpenStack Cloud 9

pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209

Vulnerabilities (100)

  • CVE-2020-27783Dec 3, 2020
    affected < 2.7.1~dev10-3.37.1fixed 2.7.1~dev10-3.37.1

    A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.

  • CVE-2019-20933Nov 19, 2020
    affected < 2.7.1~dev10-3.19.2fixed 2.7.1~dev10-3.19.2

    InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

  • CVE-2020-24303Oct 28, 2020
    affected < 2.7.1~dev10-3.19.2fixed 2.7.1~dev10-3.19.2

    Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

  • CVE-2020-26137Sep 29, 2020
    affected < 2.7.1~dev10-3.19.2fixed 2.7.1~dev10-3.19.2

    urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.

  • CVE-2020-11110Jul 27, 2020
    affected < 2.7.1~dev10-3.21.1fixed 2.7.1~dev10-3.21.1

    Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

  • CVE-2020-10177Jun 25, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.

  • CVE-2020-11538Jun 25, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.

  • CVE-2020-10994Jun 25, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.

  • CVE-2020-10378Jun 25, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.

  • CVE-2020-8184Jun 19, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

  • CVE-2020-10755Jun 10, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with th

  • CVE-2020-13379Jun 3, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information abo

  • CVE-2020-13596Jun 3, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.

  • CVE-2020-13254Jun 3, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.

  • CVE-2018-18625Jun 2, 2020
    affected < 2.7.1~dev10-3.21.1fixed 2.7.1~dev10-3.21.1

    Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

  • CVE-2018-18624Jun 2, 2020
    affected < 2.7.1~dev10-3.21.1fixed 2.7.1~dev10-3.21.1

    Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

  • CVE-2018-18623Jun 2, 2020
    affected < 2.7.1~dev10-3.21.1fixed 2.7.1~dev10-3.21.1

    Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

  • CVE-2020-12052Apr 27, 2020
    affected < 2.7.1~dev10-3.17.3fixed 2.7.1~dev10-3.17.3

    Grafana version < 6.7.3 is vulnerable for annotation popup XSS.

  • CVE-2018-17954Apr 3, 2020
    affected < 2.7.1~dev10-3.13.1fixed 2.7.1~dev10-3.13.1

    An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a

  • CVE-2020-9543Mar 12, 2020
    affected < 2.7.1~dev10-3.15.1fixed 2.7.1~dev10-3.15.1

    OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares o

Page 3 of 5