openstack-murano (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package openstack-murano, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2022-34265 — CVSS 9.8 (critical): An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL…
CVE-2022-28346 — CVSS 9.8 (critical): An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra()…
CVE-2022-24790 — CVSS 9.1 (critical): Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not…
CVE-2017-17051 — CVSS 8.6 (high): An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an…
CVE-2018-1000807 — CVSS 8.1 (high): Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object…
CVE-2019-11287 — CVSS 7.5 (high): Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to…
CVE-2021-44716 — CVSS 7.5 (high): net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via…
CVE-2020-1734 — CVSS 7.4 (high): A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen()…
CVE-2019-9735 — CVSS 6.5 (medium): An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and…
CVE-2018-1000808 — CVSS 5.9 (medium): Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last…
CVE-2015-3448 — CVSS 2.1 (low): REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information…