rpm package
suse/venv-openstack-nova&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (142)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-2739 | — | < 16.1.9~dev49-11.24.2 | 16.1.9~dev49-11.24.2 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon | ||
| CVE-2019-2737 | — | < 16.1.9~dev49-11.24.2 | 16.1.9~dev49-11.24.2 | Jul 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc | ||
| CVE-2019-1010083 | — | < 16.1.9~dev61-11.28.2 | 16.1.9~dev61-11.28.2 | Jul 17, 2019 | The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656. | ||
| CVE-2019-13611 | — | < 16.1.9~dev7-11.22.3 | 16.1.9~dev7-11.22.3 | Jul 15, 2019 | An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted. | ||
| CVE-2019-13117 | — | < 16.1.9~dev49-11.24.2 | 16.1.9~dev49-11.24.2 | Jul 1, 2019 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. | ||
| CVE-2019-0201 | — | < 16.1.9~dev61-11.26.1 | 16.1.9~dev61-11.26.1 | May 23, 2019 | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuth | ||
| CVE-2019-11596 | — | < 16.1.9~dev61-11.26.1 | 16.1.9~dev61-11.26.1 | Apr 29, 2019 | In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | ||
| CVE-2019-2628 | — | < 16.1.9~dev7-11.22.3 | 16.1.9~dev7-11.22.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr | ||
| CVE-2019-2627 | — | < 16.1.9~dev7-11.22.3 | 16.1.9~dev7-11.22.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ | ||
| CVE-2019-2614 | — | < 16.1.9~dev7-11.22.3 | 16.1.9~dev7-11.22.3 | Apr 23, 2019 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces | ||
| CVE-2019-11068 | — | < 16.1.9~dev3-11.18.1 | 16.1.9~dev3-11.18.1 | Apr 10, 2019 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. | ||
| CVE-2019-10876 | — | < 16.1.9~dev3-11.18.1 | 16.1.9~dev3-11.18.1 | Apr 5, 2019 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes | ||
| CVE-2019-3828 | — | < 16.1.9~dev61-11.28.2 | 16.1.9~dev61-11.28.2 | Mar 27, 2019 | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | ||
| CVE-2019-3871 | — | < 16.1.9~dev61-11.26.1 | 16.1.9~dev61-11.26.1 | Mar 21, 2019 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of | ||
| CVE-2019-6975 | — | < 16.1.9~dev3-11.18.1 | 16.1.9~dev3-11.18.1 | Feb 11, 2019 | Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | ||
| CVE-2019-3498 | — | < 16.1.9~dev3-11.18.1 | 16.1.9~dev3-11.18.1 | Jan 9, 2019 | In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use | ||
| CVE-2018-16876 | — | < 16.1.9~dev76-11.30.1 | 16.1.9~dev76-11.30.1 | Jan 3, 2019 | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. | ||
| CVE-2018-19039 | — | < 16.1.9~dev7-11.22.3 | 16.1.9~dev7-11.22.3 | Dec 13, 2018 | Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | ||
| CVE-2018-14626 | — | < 16.1.9~dev61-11.26.1 | 16.1.9~dev61-11.26.1 | Nov 29, 2018 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | ||
| CVE-2018-10851 | — | < 16.1.9~dev61-11.26.1 | 16.1.9~dev61-11.26.1 | Nov 29, 2018 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. |
- CVE-2019-2739Jul 23, 2019affected < 16.1.9~dev49-11.24.2fixed 16.1.9~dev49-11.24.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon
- CVE-2019-2737Jul 23, 2019affected < 16.1.9~dev49-11.24.2fixed 16.1.9~dev49-11.24.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network acc
- CVE-2019-1010083Jul 17, 2019affected < 16.1.9~dev61-11.28.2fixed 16.1.9~dev61-11.28.2
The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
- CVE-2019-13611Jul 15, 2019affected < 16.1.9~dev7-11.22.3fixed 16.1.9~dev7-11.22.3
An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.
- CVE-2019-13117Jul 1, 2019affected < 16.1.9~dev49-11.24.2fixed 16.1.9~dev49-11.24.2
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
- CVE-2019-0201May 23, 2019affected < 16.1.9~dev61-11.26.1fixed 16.1.9~dev61-11.26.1
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuth
- CVE-2019-11596Apr 29, 2019affected < 16.1.9~dev61-11.26.1fixed 16.1.9~dev61-11.26.1
In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c.
- CVE-2019-2628Apr 23, 2019affected < 16.1.9~dev7-11.22.3fixed 16.1.9~dev7-11.22.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compr
- CVE-2019-2627Apr 23, 2019affected < 16.1.9~dev7-11.22.3fixed 16.1.9~dev7-11.22.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with networ
- CVE-2019-2614Apr 23, 2019affected < 16.1.9~dev7-11.22.3fixed 16.1.9~dev7-11.22.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces
- CVE-2019-11068Apr 10, 2019affected < 16.1.9~dev3-11.18.1fixed 16.1.9~dev3-11.18.1
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
- CVE-2019-10876Apr 5, 2019affected < 16.1.9~dev3-11.18.1fixed 16.1.9~dev3-11.18.1
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes
- CVE-2019-3828Mar 27, 2019affected < 16.1.9~dev61-11.28.2fixed 16.1.9~dev61-11.28.2
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
- CVE-2019-3871Mar 21, 2019affected < 16.1.9~dev61-11.26.1fixed 16.1.9~dev61-11.26.1
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of
- CVE-2019-6975Feb 11, 2019affected < 16.1.9~dev3-11.18.1fixed 16.1.9~dev3-11.18.1
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
- CVE-2019-3498Jan 9, 2019affected < 16.1.9~dev3-11.18.1fixed 16.1.9~dev3-11.18.1
In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found(), leading to content spoofing (in a 404 error page) if a use
- CVE-2018-16876Jan 3, 2019affected < 16.1.9~dev76-11.30.1fixed 16.1.9~dev76-11.30.1
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
- CVE-2018-19039Dec 13, 2018affected < 16.1.9~dev7-11.22.3fixed 16.1.9~dev7-11.22.3
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- CVE-2018-14626Nov 29, 2018affected < 16.1.9~dev61-11.26.1fixed 16.1.9~dev61-11.26.1
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
- CVE-2018-10851Nov 29, 2018affected < 16.1.9~dev61-11.26.1fixed 16.1.9~dev61-11.26.1
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
Page 6 of 8