galera-3 (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package galera-3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (28)
CVE-2018-15727 — CVSS 9.8 (critical): Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember…
CVE-2019-5477 — CVSS 9.8 (critical): A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open`…
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2016-10127 — CVSS 9.0 (critical): PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2019-13611 — CVSS 8.8 (high): An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows…
CVE-2019-15043 — CVSS 7.5 (high): In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service…
CVE-2018-3064 — CVSS 7.1 (high): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and…
CVE-2018-3251 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2018-19039 — CVSS 6.5 (medium): Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin…
CVE-2018-3060 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and…
CVE-2018-3143 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2018-3156 — CVSS 6.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and…
CVE-2018-3185 — CVSS 5.5 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3174 — CVSS 5.3 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are…
CVE-2019-2628 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and…
CVE-2018-3173 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3200 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3162 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3277 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3282 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected…
CVE-2018-3063 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are…
CVE-2019-2627 — CVSS 4.9 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are…
CVE-2019-2614 — CVSS 4.4 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are…
CVE-2018-3284 — CVSS 4.4 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and…
CVE-2018-3058 — CVSS 4.3 (medium): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and…
CVE-2018-3066 — CVSS 3.3 (low): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are…
CVE-2015-3448 — CVSS 2.1 (low): REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information…
CVE-2018-558213: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15727. Reason: This candidate is a reservation duplicate of…