Openstack Security Vulnerabilities and Issues — Openstack CVE List

Lucene search

RedhatOpenstack

7 matches found

CVE•added 2020/03/12 6:15 p.m.•252 views

CVE-2020-1739

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from tha...

3.9CVSS5.5AI score0.00061EPSS

CVE•added 2018/07/18 1:29 p.m.•249 views

CVE-2018-2767

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multi...

3.5CVSS3.6AI score0.00475EPSS

CVE•added 2020/01/31 10:15 p.m.•236 views

CVE-2015-6815

The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.

3.5CVSS5AI score0.01897EPSS

CVE•added 2017/08/08 3:29 p.m.•198 views

CVE-2017-3653

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...

3.5CVSS3.4AI score0.00277EPSS

CVE•added 2020/03/16 4:15 p.m.•125 views

CVE-2020-1736

A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions befo...

3.3CVSS3.6AI score0.00038EPSS

CVE•added 2020/03/16 4:15 p.m.•108 views

CVE-2020-1738

A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches...

3.9CVSS4AI score0.00103EPSS

CVE•added 2013/10/29 10:55 p.m.•58 views

CVE-2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send...

3.5CVSS6.4AI score0.00622EPSS