Openstack@14 Security Vulnerabilities and Issues — Openstack@14 CVE List

RedhatOpenstack14

15 matches found

CVE•added 2019/08/13 12:0 a.m.•841 views

CVE-2019-9514

CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...

7.8CVSS7.9AI score0.09322EPSS

CVE•added 2019/08/13 8:50 p.m.•545 views

CVE-2019-9515

CVE-2019-9515 concerns an HTTP/2 settings flood that can cause memory/CPU exhaustion. Arista’s security advisory (Security Advisory 0043) states the vulnerability is in Go’s gRPC HTTP/2 usage and can affect TerminAttr, OpenConfig, CVP, and certain Wi‑Fi OpenConfig-enabled components when enabled....

7.8CVSS7.7AI score0.08892EPSS

CVE•added 2019/07/11 6:30 p.m.•304 views

CVE-2019-10192

CVE-2019-10192 is a heap-buffer overflow in Redis HyperLogLog used by SETRANGE. Affected: Redis HyperLogLog in 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. By corrupting a hyperloglog, an attacker can cause Redis to write up to 3 bytes beyond the end of a heap-allocated buffer. Imp...

7.2CVSS6.8AI score0.22307EPSS

CVE•added 2019/07/11 6:30 p.m.•289 views

CVE-2019-10193

CVE-2019-10193 is a stack-buffer overflow in Redis HyperLogLog exposed by the SETRANGE usage. Affected branches are Redis 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. Exploitation could cause writes past the end of a stack-allocated buffer, per multiple connected advisories. Public...

7.2CVSS6.8AI score0.33071EPSS

CVE•added 2019/01/03 3:0 p.m.•273 views

CVE-2018-16876

CVE-2018-16876 affects Ansible prior to versions 2.5.14, 2.6.11, and 2.7.5, exposing information via information disclosure in vvv+ mode when no_log is enabled. The issue is a data leakage vulnerability, confirmed across multiple advisories (e.g., RHSA-2019-0564/0590 and related distributions) an...

5.3CVSS5AI score0.01236EPSS

CVE•added 2020/07/06 6:35 p.m.•266 views

CVE-2019-14900

CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...

6.5CVSS6.7AI score0.01696EPSS

CVE•added 2020/01/02 2:15 p.m.•217 views

CVE-2019-14859

CVE-2019-14859 affects the Python library python-ecdsa. A flaw exists in all versions before 0.13.3 where signatures are not properly verified for DER encoding, allowing a malformed signature to be accepted and making signatures malleable. This could enable an attacker to use a malleable signatur...

9.1CVSS8.8AI score0.00072EPSS

CVE•added 2019/07/30 10:12 p.m.•206 views

CVE-2019-10156

CVE-2019-10156 affects Ansible: templating flaw in versions before 2.6.18, 2.7.12 and 2.8.2 enables information disclosure through unintended variable substitution (contents of any variable may be disclosed). Several connected advisories confirm fixes/upgrades: e.g., Debian stable (buster) update...

5.5CVSS5.7AI score0.00589EPSS

CVE•added 2019/04/23 3:57 p.m.•179 views

CVE-2019-0223

CVE-2019-0223 concerns Apache Qpid Proton (C library and bindings) versions 0.9–0.27.0. Under TLS with OpenSSL versions before 1.1.0, a peer could be connected anonymously even when peer cert verification is configured, enabling a potential undetected man-in-the-middle attack if TLS traffic is in...

7.4CVSS7AI score0.0041EPSS

CVE•added 2019/08/09 6:21 p.m.•153 views

CVE-2019-14433

The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...

6.5CVSS6.1AI score0.01301EPSS

CVE•added 2018/10/09 10:0 p.m.•136 views

CVE-2018-17963

CVE-2018-17963 affects QEMU’s net/iov path. The vulnerability is introduced by qemu_deliver_packet_iov in net/net.c, which accepts packet sizes greater than INT_MAX, enabling a remote attacker to trigger a denial of service (and potentially other unspecified impact) by sending oversized packets. ...

9.8CVSS9.7AI score0.01449EPSS

CVE•added 2019/04/05 4:1 a.m.•91 views

CVE-2019-10876

CVE-2019-10876 affects OpenStack Neutron: versions 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with overlapping port ranges, an authenticated user can trigger an Open vSwitch firewall KeyError, preventing Neutron from configuring networks on com...

6.5CVSS6.1AI score0.00624EPSS

CVE•added 2019/03/13 2:0 a.m.•83 views

CVE-2019-9735

CVE-2019-9735 affects the OpenStack Neutron iptables security group driver. In affected releases (OpenStack Neutron before 10.0.8; 11.x before 11.0.7; 12.x before 12.0.6; 13.x before 13.0.3), setting a destination port in a security group rule together with a protocol that doesn’t support that op...

6.5CVSS6.1AI score0.01892EPSS

CVE•added 2019/07/30 4:22 p.m.•82 views

CVE-2019-10141

OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...

9.1CVSS8.8AI score0.00548EPSS

Web

CVE•added 2019/03/26 5:45 p.m.•77 views

CVE-2018-16856

CVE-2018-16856 affects the OpenStack Load Balancing service (openstack-octavia) in Red Hat OpenStack Platform Director installations. In affected builds, openstack-octavia before versions 2.0.2-5 and 3.0.1-0.20181009115732 creates log files readable by all users, allowing sensitive data such as p...

7.5CVSS7.3AI score0.00267EPSS