CVE-2018-11940

Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD...

CVE-2018-11930

CVE-2018-11930: Improper input validation in WLAN function can cause integer truncation. Affected Qualcomm Snapdragon families include Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile across SDM/SDX/SM7150 and related platforms; CVSSv3 base 9.8 (Network, low attack complexity, no user i...

CVE-2018-11930

Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607,...

CVE-2018-11928

CVE-2018-11928 is a buffer-overflow vulnerability caused by a missing length parameter check when processing WMI commands in Qualcomm Snapdragon components. Affected are Snapdragon Auto/Compute/Connectivity devices (various SD/SM/QCA platforms) and related Android stack components that use Qualco...

CVE-2018-11271

CVE-2018-11271 is an improper authentication vulnerability affecting Qualcomm Snapdragon platforms (broad range of Snapdragon Auto/Compute/Connectivity/IoT families and related devices). The issue relates to remote command handling caused by improper event handling, enabling potential unauthorize...

CVE-2018-11923

This CVE (CVE-2018-11923) is a buffer-length–checking bug that can cause an integer overflow and subsequent buffer overflow in the WMA event handler. It affects Qualcomm/Snapdragon device families including Snapdragon Auto, Compute, Consumer IoT, Industrial IoT, and Snapdragon Mobile across numer...

Privilege Escalation

openshift-ansible is vulnerable to privilege escalation. A remote unauthenticated attacker could exploit the flawed SSL Certificate Authentication component to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down...

The vulnerability of the chap_server_compute_md5() function in the ISCSI protocol implementation for Linux operating systems allows a attacker to cause a service failure or gain access to protected information.

The vulnerability of the chapservercomputemd5 function in the ISCSI kernel implementation of Linux operating systems is related to improper checking of memory access boundaries, which leads to reading beyond the buffer. Exploiting this vulnerability can allow a malicious actor to cause service...

Foreman < 1.20.3 and 1.21.0 Information Disclosure Vulnerability

Foreman is prone to an authenticated information dislosure vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Denial Of Service

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

Denial Of Service (DoS)

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

Privilege Escalation

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Infomation Disclosure

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Denial Of Service (DoS)

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A flaw was found in the way the Nova VNC proxy handled console tokens. In some cases, a console token that was valid for one virtual machi...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible...

XML External Entity (XXE)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language XML parser used by Nova. A remote attacker could use this flaw to sen...

openstack-neutron: DOS via broken port range merging in security group

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those...

Code injection

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...

CVE-2019-5492

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected versions of Element Plug-in for vCenter Server...