60 matches found

added 2022/02/18 12:0 a.m. | 873 views

CVE-2020-25717

CVE-2020-25717 affects Samba: an authenticated user mapping domain users to local users can lead to privilege escalation. Public references in Connected documents confirm this is a Samba issue (no exploit details provided here). Several advisories and vendor notes indicate patches or updated pack...

8.5 CVSS | 8.1 AI score | 0.00517 EPSS

added 2018/05/22 12:0 p.m. | 845 views

CVE-2018-3639

CVE-2018-3639 is a speculative execution side‑channel vulnerability (SSB) that can leak memory via speculative stores. The Connected ALMA doc notes a mitigation: SSB is disabled by the new alt-java launcher, reducing impact at the cost of performance, and it references OpenJDK 8u282 as part of th...

5.5 CVSS | 5.9 AI score | 0.46733 EPSS
In wild

added 2020/05/22 2:9 p.m. | 669 views

CVE-2020-10711

The CVE-2020-10711 entry concerns a NULL pointer dereference in the Linux kernel SELinux subprocess during CIPSO category bitmap import. Affected are kernel versions before 5.7; processing the CIPSO restricted bitmap tag in cipso_v4_parsetag_rbm sets a security attribute indicating the bitmap exi...

5.9 CVSS | 6.5 AI score | 0.05438 EPSS

added 2022/02/18 12:0 a.m. | 651 views

CVE-2016-2124

CVE-2016-2124 is a Samba SMB1 authentication flaw. The vulnerability lets an attacker retrieve plaintext passwords sent over the wire, even when Kerberos may be required. Connected sources confirm Samba SMB1 handling is at issue, with advisories across Red Hat, Amazon Linux 2/ALAS, Alpine and Clo...

5.9 CVSS | 7.2 AI score | 0.00699 EPSS

added 2020/08/31 5:11 p.m. | 621 views

CVE-2020-14364

Vulnerability: CVE-2020-14364 affects the USB emulator in QEMU before 5.2.0. Root cause: an out-of-bounds read/write when processing USB packets, specifically if USBDevice 'setup_len' exceeds data_buf[4096] in do_token_in/do_token_out. Impact: a guest user could crash the QEMU process (DoS) or po...

5 CVSS | 6.6 AI score | 0.12946 EPSS

added 2018/04/26 9:0 p.m. | 579 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9 CVSS | 5.9 AI score | 0.03259 EPSS

added 2018/10/08 12:0 a.m. | 552 views

CVE-2018-1000807

CVE-2018-1000807 concerns Python-pyOpenSSL before 17.5.0, with a CWE-416 Use-After-Free in X509 object handling that can lead to denial of service or remote code execution. The vulnerability is reported as fixed in 17.5.0. Connected sources (SUSE-SU-2024:1626-1; SUSE-SU-2024:3749-1; OSV entries) ...

8.1 CVSS | 8.4 AI score | 0.02881 EPSS

added 2018/10/08 3:0 p.m. | 539 views

CVE-2018-1000808

CVE-2018-1000808 affects Python Cryptographic Authority pyopenssl prior to 17.5.0, describing a CWE-401 use-after-free in PKCS#12 Store handling that can lead to a Denial of Service when memory is constrained. The issue arises when loading/reloading certificates from PKCS#12, potentially triggere...

5.9 CVSS | 6.5 AI score | 0.00161 EPSS

added 2020/07/09 3:34 p.m. | 535 views

CVE-2020-10756

CVE-2020-10756 is a concrete vulnerability in the QEMU SLiRP networking (libslirp) implementation. The issue is an out-of-bounds read in icmp6_send_echoreply() when replying to ICMP echo requests, enabling a guest to leak host memory and cause information disclosure. Affected component/version: l...

6.5 CVSS | 5.9 AI score | 0.00026 EPSS

added 2018/03/09 12:0 a.m. | 527 views

CVE-2018-7536

CVE-2018-7536 affects Django: vulnerable in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The issue is a denial-of-service caused by catastrophic backtracking in two regular expressions used by django.utils.html.urlize() (one regex in 1.8.x). The urlize() function underpins...

5.3 CVSS | 5.7 AI score | 0.01372 EPSS

added 2018/07/30 3:0 p.m. | 507 views

CVE-2018-10903

The CVE-2018-10903 issue affects python-cryptography versions >=1.9.0 and

7.5 CVSS | 7.2 AI score | 0.00239 EPSS

added 2021/03/18 12:0 a.m. | 443 views

CVE-2020-27827

CVE-2020-27827 concerns Open vSwitch where specially crafted LLDP packets can trigger memory allocation issues during handling of optional TLVs, leading to a denial of service and impacting availability. The connected documents provide various advisories (e.g., AlmaLinux, Gentoo GLSA) that refere...

7.5 CVSS | 7.2 AI score | 0.00504 EPSS

added 2020/02/11 7:42 p.m. | 428 views

CVE-2020-1711

CVE-2020-1711 affects the QEMU iSCSI Block driver: an out-of-bounds heap buffer access in iscsi_co_block_status() when processing iSCSI server responses for LBA status. A remote attacker could crash QEMU or potentially execute code with host-QEMU privileges, via a crafted response from the iSCSI ...

7.7 CVSS | 6.4 AI score | 0.00559 EPSS

added 2018/08/09 8:0 p.m. | 410 views

CVE-2018-10915

CVE-2018-10915 affects libpq: the PostgreSQL client library may fail to reset internal state between connections, enabling untrusted host/hostaddr parameters to bypass client-side security and potentially enable access to higher-privilege connections or related SQL-injection impacts via PQescape(...

8.5 CVSS | 7.3 AI score | 0.01753 EPSS

added 2022/03/04 6:41 p.m. | 374 views

CVE-2021-3656

CVE-2021-3656 describes a flaw in the KVM hypervisor for AMD processors where the L1 guest can provide a VMCB with an improperly validated virt_ext field, allowing the L1 to disable VMLOAD/VMSAVE intercepts and VLS for the L2 guest. This enables the L2 guest to read/write portions of the host’s p...

8.8 CVSS | 8.6 AI score | 0.00066 EPSS

added 2019/07/11 6:30 p.m. | 304 views

CVE-2019-10192

CVE-2019-10192 is a heap-buffer overflow in Redis HyperLogLog used by SETRANGE. Affected: Redis HyperLogLog in 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. By corrupting a hyperloglog, an attacker can cause Redis to write up to 3 bytes beyond the end of a heap-allocated buffer. Imp...

7.2 CVSS | 6.8 AI score | 0.22307 EPSS

added 2019/07/11 6:30 p.m. | 289 views

CVE-2019-10193

CVE-2019-10193 is a stack-buffer overflow in Redis HyperLogLog exposed by the SETRANGE usage. Affected branches are Redis 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. Exploitation could cause writes past the end of a stack-allocated buffer, per multiple connected advisories. Public...

7.2 CVSS | 6.8 AI score | 0.33071 EPSS

added 2020/03/12 5:47 p.m. | 273 views

CVE-2020-1739

CVE-2020-1739 affects Ansible (2.7.16 and earlier, 2.8.8 and earlier, 2.9.5 and earlier). The flaw arises when a password is supplied to the svn module via the password argument, causing the password to be echoed into the svn command line and readable by other users on the same node by inspecting...

3.9 CVSS | 5.5 AI score | 0.00046 EPSS

added 2018/07/13 10:0 p.m. | 267 views

CVE-2018-10875

CVE-2018-10875 affects Ansible where ansible.cfg is read from the current working directory, allowing an attacker to influence the plugin/module path and potentially execute arbitrary code. The issue arises because the CWD can be manipulated to point to controlled code. Red Hat/Ubuntu/openSUSE ad...

7.8 CVSS | 7.7 AI score | 0.00067 EPSS

added 2020/07/06 6:35 p.m. | 266 views

CVE-2019-14900

CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...

6.5 CVSS | 6.7 AI score | 0.01696 EPSS

added 2018/07/02 6:0 p.m. | 262 views

CVE-2018-10855

CVE-2018-10855 affects Ansible: versions 2.5 prior to 2.5.5 and 2.4 prior to 2.4.5 do not honor the no_log flag for failed tasks, which can cause sensitive data passed to a task to be exposed in logs and on the user’s terminal when the task fails. Red Hat advisories (RHSA-2018:1948, RHSA-2019:005...

5.9 CVSS | 5.7 AI score | 0.02987 EPSS

added 2019/10/08 6:44 p.m. | 251 views

CVE-2019-14846

CVE-2019-14846 affects Ansible Engine where all 2.x lines up to 2.8.5 (and similar older branches) could disclose credentials because plugins logging at DEBUG level log sensitive data. The flaw does not affect Ansible modules (they run in a separate process). Public docs show multiple vendors/adv...

7.8 CVSS | 7.3 AI score | 0.00117 EPSS

added 2022/02/18 5:50 p.m. | 247 views

CVE-2021-3930

CVE-2021-3930 concerns an off-by-one error in the SCSI device emulation of QEMU during MODE SELECT handling in mode_sense_page() when page is MODE_PAGE_ALLS (0x3f). The vulnerability can allow a malicious guest to crash QEMU, causing a denial of service. Affected software is QEMU (various release...

6.5 CVSS | 6.6 AI score | 0.00054 EPSS

added 2020/03/31 4:20 p.m. | 243 views

CVE-2019-14905

The CVE-2019-14905 issue affects Ansible Engine’s nxos_file_copy module, where the filename parameter could be crafted to inject OS commands on NXOS devices. This is a local attack with potential confidentiality, integrity, and availability impacts as described (loss of confidentiality, etc.). Af...

7.3 CVSS | 6 AI score | 0.00273 EPSS

added 2018/06/13 4:0 p.m. | 239 views

CVE-2018-11806

CVE-2018-11806 affects QEMU where the SLiRP networking back-end (mbuf.c) can perform a heap-based buffer overflow when reassembling fragmented datagrams. The described impact in the connected documents includes a potential host compromise via arbitrary code execution or denial of service due to a...

8.2 CVSS | 8.4 AI score | 0.00054 EPSS

added 2020/03/11 6:47 p.m. | 228 views

CVE-2020-1733

The CVE-2020-1733 entry concerns a race-condition in Ansible Engine when using become_user: Ansible creates the temporary directory in /var/tmp with umask 77 during module execution, and the operation can succeed even if the directory already exists and is owned by another user. An attacker could...

5 CVSS | 5.8 AI score | 0.00027 EPSS

added 2018/06/17 5:0 p.m. | 227 views

CVE-2018-11219

CVE-2018-11219 is a Redis Lua subsystem integer overflow vulnerability (bounds checking failure) affecting Redis versions prior to 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. The issue originates in lua_struct.c:b_unpack() and can lead to memory corruption or a crash. Public details ...

9.8 CVSS | 7.9 AI score | 0.02795 EPSS

added 2019/11/26 1:1 p.m. | 226 views

CVE-2019-14856

CVE-2019-14856 affects Ansible; connected updates show that openSUSE/SUSE patches (ansible 2.9.6 in openSUSE-2020-513 and 2.9.6 in SUSE-2020-0523) fix this and related CVEs by addressing an incomplete fix for CVE-2019-10206 and other issues (e.g., passwords in prompts/log leakage). The issue orig...

6.5 CVSS | 6.3 AI score | 0.00382 EPSS

added 2020/01/02 2:15 p.m. | 217 views

CVE-2019-14859

CVE-2019-14859 affects the Python library python-ecdsa. A flaw exists in all versions before 0.13.3 where signatures are not properly verified for DER encoding, allowing a malformed signature to be accepted and making signatures malleable. This could enable an attacker to use a malleable signatur...

9.1 CVSS | 8.8 AI score | 0.00072 EPSS

added 2018/06/17 5:0 p.m. | 208 views

CVE-2018-11218

CVE-2018-11218 describes a memory corruption vulnerability in the Redis Lua subsystem’s cmsgpack handling, caused by stack-based buffer overflows. Affected Redis versions are before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. Several connected sources reiterate the issue as a Redis component ...

9.8 CVSS | 8.1 AI score | 0.83 EPSS

added 2019/07/30 10:12 p.m. | 206 views

CVE-2019-10156

CVE-2019-10156 affects Ansible: templating flaw in versions before 2.6.18, 2.7.12 and 2.8.2 enables information disclosure through unintended variable substitution (contents of any variable may be disclosed). Several connected advisories confirm fixes/upgrades: e.g., Debian stable (buster) update...

5.5 CVSS | 5.7 AI score | 0.00589 EPSS

added 2020/03/16 3:5 p.m. | 206 views

CVE-2020-1735

CVE-2020-1735 is a vulnerability in the Ansible Engine where the fetch module can be intercepted, enabling an attacker to inject a new path and choose a different destination path on the controller. The issue affects all 2.7.x, 2.8.x and 2.9.x branches. Connected advisories confirm multiple vendo...

4.6 CVSS | 5.2 AI score | 0.00138 EPSS

added 2020/03/16 3:7 p.m. | 206 views

CVE-2020-1740

CVE-2020-1740 is about Ansible Engine Vault editing: on the same host, ansible-vault edit can expose old/new secrets due to mkstemp/two-step write. Connected documents consistently confirm this vulnerability across multiple distributions (Astra Linux, Debian, Fedora/Red Hat, Alpine, Amazon Linux)...

4.7 CVSS | 5.2 AI score | 0.00145 EPSS

added 2020/05/11 12:0 a.m. | 198 views

CVE-2020-10685

CVE-2020-10685 affects Ansible Engine versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, and Ansible Tower up to 3.6.3, when using vault-decrypting modules (assemble, script, unarchive, win_copy, aws_s3, copy). A temporary directory is created in /tmp and left unencrypted; on ...

5.5 CVSS | 5.8 AI score | 0.00205 EPSS

added 2020/03/24 12:0 a.m. | 191 views

CVE-2020-10684

Ansible Engine vulnerable scope: versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, and 2.9.x before 2.9.7 allow an attacker to alter ansible_facts when inject is enabled, potentially leading to privilege escalation or code injection. Connected advisories confirm the same underlying issue and pro...

7.9 CVSS | 7.1 AI score | 0.00029 EPSS

added 2019/04/23 3:57 p.m. | 179 views

CVE-2019-0223

CVE-2019-0223 concerns Apache Qpid Proton (C library and bindings) versions 0.9–0.27.0. Under TLS with OpenSSL versions before 1.1.0, a peer could be connected anonymously even when peer cert verification is configured, enabling a potential undetected man-in-the-middle attack if TLS traffic is in...

7.4 CVSS | 7 AI score | 0.0041 EPSS

added 2018/07/02 1:0 p.m. | 169 views

CVE-2018-10874

CVE-2018-10874 affects Ansible. The issue arises when inventory variables are loaded from the current working directory during ad-hoc commands, which attackers can control, enabling arbitrary code execution (local attacker could compromise the target via manipulated inventory vars). The NVD entry...

7.8 CVSS | 7.8 AI score | 0.0005 EPSS

added 2019/09/25 10:59 p.m. | 167 views

CVE-2017-18635

CVE-2017-18635 describes an XSS in noVNC before 0.6.2 where a remote VNC server can inject arbitrary HTML into the noVNC page via status field messages (e.g., server name). Connected advisories confirm affected packages across multiple distros (Debian, Ubuntu, Mageia, Red Hat-related advisories) ...

6.1 CVSS | 5.8 AI score | 0.06495 EPSS

added 2019/08/09 6:21 p.m. | 153 views

CVE-2019-14433

The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...

6.5 CVSS | 6.1 AI score | 0.01301 EPSS

added 2020/03/16 3:3 p.m. | 146 views

CVE-2020-1736

CVE-2020-1736 concerns Ansible Engine where moving a file with atomic_move cannot set the destination file mode. If the destination does not exist, the move can render the new file world-readable; if the file exists, permissions may be loosened before the move, potentially exposing sensitive data...

3.3 CVSS | 3.6 AI score | 0.00059 EPSS

added 2018/10/09 10:0 p.m. | 136 views

CVE-2018-17963

CVE-2018-17963 affects QEMU’s net/iov path. The vulnerability is introduced by qemu_deliver_packet_iov in net/net.c, which accepts packet sizes greater than INT_MAX, enabling a remote attacker to trigger a denial of service (and potentially other unspecified impact) by sending oversized packets. ...

9.8 CVSS | 9.7 AI score | 0.01449 EPSS

added 2022/03/23 7:46 p.m. | 136 views

CVE-2021-4180

The CVE affects openstack-tripleo-heat-templates (older than 11.6.1). The underlying issue is an information exposure: an external user can discover internal IP addresses or hostnames by inspecting the www_authenticate_uri parameter in configuration files. This data leakage is specifically tied t...

4.3 CVSS | 4 AI score | 0.00167 EPSS

added 2020/03/16 3:8 p.m. | 127 views

CVE-2020-1738

CVE-2020-1738 affects Ansible Engine. Root cause: when the module package or service is used and the parameter 'use' is omitted, an attacker with local access can influence which module is sent via the ansible facts file if a prior task ran under a malicious user. Affected: all versions in the 2....

3.9 CVSS | 4 AI score | 0.00215 EPSS

added 2023/01/18 12:0 a.m. | 123 views

CVE-2022-3100

The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...

5.9 CVSS | 5.4 AI score | 0.00206 EPSS

added 2019/08/01 1:27 p.m. | 116 views

CVE-2018-10899

CVE-2018-10899 affects Jolokia versions 1.2 through 1.6.0 (before 1.6.1). Affected instances are vulnerable to a system-wide CSRF when origin/referrer checks are not properly enforced, which could lead to Remote Code Execution. The root cause is insufficient CSRF protection under strict ori...

8.8 CVSS | 8.7 AI score | 0.02089 EPSS

added 2018/09/19 4:0 p.m. | 116 views

CVE-2018-17206

Open vSwitch 2.7.x–2.7.6 contains a buffer over-read in the decode_bundle function (lib/ofp-actions.c) during BUNDLE action decoding, classified as CVE-2018-17206. The issue is documented in multiple advisories (e.g., RHSA/RHSA-like entries) and Debian/DLA disclosures; exploitation details and ex...

4.9 CVSS | 5.3 AI score | 0.02077 EPSS

added 2018/09/19 4:0 p.m. | 97 views

CVE-2018-17204

Open vSwitch (OVS) 2.7.x–2.7.6 is affected by CVE-2018-17204 due to a logic error in parse_group_prop_ntr_selection_method within lib/ofp-util.c. During decoding of a group mod, the code validates the group type/command only after the full group mod is parsed, but the OpenFlow 1.5 decoder may use...

4.3 CVSS | 4.8 AI score | 0.01127 EPSS

added 2019/04/05 4:1 a.m. | 91 views

CVE-2019-10876

CVE-2019-10876 affects OpenStack Neutron: versions 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with overlapping port ranges, an authenticated user can trigger an Open vSwitch firewall KeyError, preventing Neutron from configuring networks on com...

6.5 CVSS | 6.1 AI score | 0.00624 EPSS

added 2018/09/19 4:0 p.m. | 88 views

CVE-2018-17205

Open vSwitch CVE-2018-17205 affects 2.7.x–2.7.6 in the bundle commit path (ofproto_rule_insert__) where, if a flow fails to be added, OvS reverts previous flows from the same bundle. While reinserting old flows, an assertion failure on rule state != RULE_INITIALIZED occurs because the old flow st...

7.5 CVSS | 5.2 AI score | 0.00771 EPSS

added 2018/09/10 7:0 p.m. | 86 views

CVE-2018-14635

The CVE-2018-14635 vulnerability affects OpenStack Neutron’s ml2 Linux Bridge driver. The issue allows non-privileged tenants to create and attach ports without assigning an IP address, bypassing IP address validation. This can lead to a potential denial of service if an IP outside the allowed al...

6.5 CVSS | 6.1 AI score | 0.00306 EPSS

Total number of security vulnerabilities: 60