Openstack@7.0 Security Vulnerabilities and Issues — Openstack@7.0 CVE List

Lucene search

RedhatOpenstack7.0

7 matches found

CVE•added 2018/05/22 12:29 p.m.•725 views

CVE-2018-3639

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...

5.5CVSS5.9AI score0.46737EPSS

CVE•added 2018/07/27 7:29 p.m.•165 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.02502EPSS

CVE•added 2018/07/03 1:29 a.m.•135 views

CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or poten...

9.1CVSS7.7AI score0.01049EPSS

CVE•added 2018/07/27 9:29 p.m.•131 views

CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw ...

9.9CVSS8AI score0.01523EPSS

CVE•added 2018/07/26 12:29 p.m.•73 views

CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any comp...

10CVSS9.7AI score0.00577EPSS

CVE•added 2018/07/26 2:29 p.m.•62 views

CVE-2017-7539

An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process ...

7.5CVSS7.1AI score0.01786EPSS

CVE•added 2018/07/26 2:29 p.m.•51 views

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-c...

5.9CVSS5.4AI score0.00441EPSS