Openstack@10 Security Vulnerabilities and Issues — Openstack@10 CVE List

Lucene search

RedhatOpenstack10

7 matches found

CVE•added 2019/07/11 7:15 p.m.•276 views

CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up...

7.2CVSS6.8AI score0.22481EPSS

CVE•added 2019/07/11 7:15 p.m.•261 views

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past t...

7.2CVSS6.8AI score0.34525EPSS

CVE•added 2019/08/09 7:15 p.m.•143 views

CVE-2019-14433

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive...

6.5CVSS6.1AI score0.00516EPSS

CVE•added 2019/11/14 5:15 p.m.•129 views

CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file...

7.5CVSS7.1AI score0.01137EPSS

CVE•added 2019/03/13 2:29 a.m.•73 views

CVE-2019-9735

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authentic...

6.5CVSS6.1AI score0.02003EPSS

CVE•added 2019/07/30 5:15 p.m.•72 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspecti...

9.1CVSS8.8AI score0.00901EPSS

CVE•added 2019/03/26 6:29 p.m.•56 views

CVE-2019-3830

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

7.8CVSS7.2AI score0.00115EPSS