Lucene search
K

60 matches found

CVE
CVE
added 2018/10/19 10:0 p.m.96 views

CVE-2018-18438

CVE-2018-18438 affects QEMU and is caused by integer overflows due to using a signed integer for a size value in IOReadHandler and related functions. The vulnerability is rooted in QEMU’s IO read path, where a size parameter can overflow, enabling an overflow condition. The CVE entry itself lists...

5.5CVSS7.1AI score0.0044EPSS
CVE
CVE
added 2023/03/06 12:0 a.m.96 views

CVE-2022-4134

CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...

2.8CVSS3.6AI score0.00323EPSS
CVE
CVE
added 2019/07/30 4:22 p.m.93 views

CVE-2019-10141

OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...

9.1CVSS8.8AI score0.02464EPSS
Web
CVE
CVE
added 2019/03/13 2:0 a.m.92 views

CVE-2019-9735

CVE-2019-9735 affects the OpenStack Neutron iptables security group driver. In affected releases (OpenStack Neutron before 10.0.8; 11.x before 11.0.7; 12.x before 12.0.6; 13.x before 13.0.3), setting a destination port in a security group rule together with a protocol that doesn’t support that op...

6.5CVSS6.1AI score0.03635EPSS
CVE
CVE
added 2018/07/31 2:0 p.m.89 views

CVE-2018-14432

Summary of CVE-2018-14432 (OpenStack Keystone federation) : An authenticated GET to /v3/OS-FEDERATION/projects could bypass access controls and disclose all projects and their attributes when Keystone’s /v3/OS-FEDERATION endpoint is enabled via policy.json. Affected releases include OpenStack Key...

5.3CVSS4.8AI score0.01618EPSS
CVE
CVE
added 2018/08/27 5:0 p.m.88 views

CVE-2017-15139

CVE-2017-15139 affects OpenStack Cinder up to Queens, specifically ScaleIO volumes using thin volumes with zero padding. The vulnerability can lead to leakage of sensitive data between tenants when new volumes are created in certain configurations. Public documentation in connected items confirms...

7.5CVSS7.2AI score0.01244EPSS
CVE
CVE
added 2019/03/26 5:45 p.m.86 views

CVE-2018-16856

CVE-2018-16856 affects the OpenStack Load Balancing service (openstack-octavia) in Red Hat OpenStack Platform Director installations. In affected builds, openstack-octavia before versions 2.0.2-5 and 3.0.1-0.20181009115732 creates log files readable by all users, allowing sensitive data such as p...

7.5CVSS7.3AI score0.00878EPSS
CVE
CVE
added 2017/12/08 3:0 p.m.83 views

CVE-2017-10906

Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...

10CVSS9.5AI score0.04581EPSS
CVE
CVE
added 2018/07/30 4:0 p.m.71 views

CVE-2018-10898

CVE-2018-10898 affects openstack-tripleo-heat-templates prior to 8.0.2-40. When deploying with Director in RHOSP13, Opendaylight is configured with easily guessable default credentials, as described in multiple sources (Red Hat RHSA-2018:2214 and CNVD/OSV entries). The issue arises from default c...

8.8CVSS8.5AI score0.0087EPSS
CVE
CVE
added 2018/09/10 7:0 p.m.68 views

CVE-2018-14620

CVE-2018-14620 affects openstack-rabbitmq-container and openstack-containers shipped with Red Hat OpenStack Platform 12–14. Root cause: the rabbitmq_clusterer component is fetched over HTTP during docker build without integrity validation, enabling an attacker to inject malicious code into the im...

9.8CVSS9.4AI score0.00597EPSS
Total number of security vulnerabilities60