60 matches found
CVE-2018-18438
CVE-2018-18438 affects QEMU and is caused by integer overflows due to using a signed integer for a size value in IOReadHandler and related functions. The vulnerability is rooted in QEMU’s IO read path, where a size parameter can overflow, enabling an overflow condition. The CVE entry itself lists...
CVE-2022-4134
CVE-2022-4134 affects OpenStack Glance. A flaw allows a remote, authenticated attacker to tamper with uploaded images, compromising the integrity of virtual machines created from those images. The available sources describe the vulnerable component as openstack-glance and confirm the impact is im...
CVE-2019-10141
OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...
CVE-2019-9735
CVE-2019-9735 affects the OpenStack Neutron iptables security group driver. In affected releases (OpenStack Neutron before 10.0.8; 11.x before 11.0.7; 12.x before 12.0.6; 13.x before 13.0.3), setting a destination port in a security group rule together with a protocol that doesn’t support that op...
CVE-2018-14432
Summary of CVE-2018-14432 (OpenStack Keystone federation) : An authenticated GET to /v3/OS-FEDERATION/projects could bypass access controls and disclose all projects and their attributes when Keystone’s /v3/OS-FEDERATION endpoint is enabled via policy.json. Affected releases include OpenStack Key...
CVE-2017-15139
CVE-2017-15139 affects OpenStack Cinder up to Queens, specifically ScaleIO volumes using thin volumes with zero padding. The vulnerability can lead to leakage of sensitive data between tenants when new volumes are created in certain configurations. Public documentation in connected items confirms...
CVE-2018-16856
CVE-2018-16856 affects the OpenStack Load Balancing service (openstack-octavia) in Red Hat OpenStack Platform Director installations. In affected builds, openstack-octavia before versions 2.0.2-5 and 3.0.1-0.20181009115732 creates log files readable by all users, allowing sensitive data such as p...
CVE-2017-10906
Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...
CVE-2018-10898
CVE-2018-10898 affects openstack-tripleo-heat-templates prior to 8.0.2-40. When deploying with Director in RHOSP13, Opendaylight is configured with easily guessable default credentials, as described in multiple sources (Red Hat RHSA-2018:2214 and CNVD/OSV entries). The issue arises from default c...
CVE-2018-14620
CVE-2018-14620 affects openstack-rabbitmq-container and openstack-containers shipped with Red Hat OpenStack Platform 12–14. Root cause: the rabbitmq_clusterer component is fetched over HTTP during docker build without integrity validation, enabling an attacker to inject malicious code into the im...