VYPR

Suse Openstack Cloud

by Novell

CVEs (6)

  • CVE-2016-0376HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.06

    The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in…

  • CVE-2016-0363HigJun 3, 2016
    risk 0.53cvss 8.1epss 0.04

    The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the…

  • CVE-2015-7976MedJan 30, 2017
    risk 0.28cvss 4.3epss 0.03

    The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

  • CVE-2019-3683Jan 17, 2020
    risk 0.00cvss epss 0.01

    The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify,…

  • CVE-2014-0592Apr 4, 2014
    risk 0.00cvss epss 0.02

    Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.

  • CVE-2012-0434Dec 2, 2013
    risk 0.00cvss epss 0.02

    The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.