ardana-tempest (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package ardana-tempest, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (43)
CVE-2019-5477 — CVSS 9.8 (critical): A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open`…
CVE-2018-15727 — CVSS 9.8 (critical): Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember…
CVE-2019-11068 — CVSS 9.8 (critical): libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon…
CVE-2018-17954 — CVSS 9.3 (critical): An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud…
CVE-2016-10127 — CVSS 9.0 (critical): PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2019-13611 — CVSS 8.8 (high): An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows…
CVE-2017-17051 — CVSS 8.6 (high): An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an…
CVE-2020-9543 — CVSS 8.3 (high): OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong…
CVE-2018-1000807 — CVSS 8.1 (high): Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object…
CVE-2019-6975 — CVSS 7.5 (high): Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious…
CVE-2017-5637 — CVSS 7.5 (high): Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused…
CVE-2019-11596 — CVSS 7.5 (high): In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of…
CVE-2019-15026 — CVSS 7.5 (high): memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer over-read in conn_to_str in memcached.c.
CVE-2019-15043 — CVSS 7.5 (high): In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service…
CVE-2020-7595 — CVSS 7.5 (high): xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-10876 — CVSS 6.5 (medium): An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security…
CVE-2020-5247 — CVSS 6.5 (medium): In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can…
CVE-2019-2740 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44…
CVE-2019-2805 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44…
CVE-2019-2974 — CVSS 6.5 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45…
CVE-2019-3498 — CVSS 6.5 (medium): In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used…
CVE-2019-3871 — CVSS 6.5 (medium): A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from…
CVE-2019-9735 — CVSS 6.5 (medium): An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and…
CVE-2018-19039 — CVSS 6.5 (medium): Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin…
CVE-2017-1002201 — CVSS 6.1 (medium): In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be…
CVE-2018-14574 — CVSS 6.1 (medium): django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.
CVE-2019-0201 — CVSS 5.9 (medium): An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any…
CVE-2020-2574 — CVSS 5.9 (medium): Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior…
CVE-2018-1000808 — CVSS 5.9 (medium): Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last…
CVE-2019-2758 — CVSS 5.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and…
CVE-2018-10851 — CVSS 5.3 (medium): PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9…
CVE-2019-16770 — CVSS 5.3 (medium): In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a…
CVE-2018-14626 — CVSS 5.3 (medium): PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet…
CVE-2019-13117 — CVSS 5.3 (medium): In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumber…
CVE-2019-2739 — CVSS 5.1 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are…
CVE-2019-18901 — CVSS 5.1 (medium): A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server…
CVE-2019-2628 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and…
CVE-2019-2627 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are…
CVE-2019-2737 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected…
CVE-2019-2614 — CVSS 4.4 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2019-2938 — CVSS 4.4 (medium): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior…
CVE-2015-3448 — CVSS 2.1 (low): REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information…
CVE-2018-558213: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of…