Lucene search
K
RedhatOpenstack

25 matches found

CVE
CVE
added 2019/11/22 10:56 p.m.316 views

CVE-2019-11291

CVE-2019-11291 affects Pivotal RabbitMQ: 3.7.x before 3.7.20, 3.8.x before 3.8.1, and RabbitMQ for PCF (1.16.x before 1.16.7, 1.17.x before 1.17.4). The underlying issue is improper sanitization of input in the federation and shovel endpoints, enabling a remote authenticated attacker with adminis...

4.8CVSS4AI score0.00796EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.291 views

CVE-2018-2813

CVE-2018-2813 is reported in the F5 AWS advisory as a MySQL Server (subcomponent: Server: DDL) vulnerability. Affected are Oracle MySQL/MariaDB lineage versions 5.5.59 and prior, 5.6.39 and prior, and 5.7.21 and prior. The issue: a low-privileged attacker with network access can compromise MySQL ...

4.3CVSS4.2AI score0.02568EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.261 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00697EPSS
CVE
CVE
added 2019/10/16 3:23 p.m.251 views

CVE-2019-11281

CVE-2019-11281 affects Pivotal RabbitMQ and RabbitMQ for PCF where two UI components (virtual host limits page and federation management UI) fail to sanitize user input. A remote authenticated administrator could craft a cross-site scripting attack to access virtual hosts and policy management in...

4.8CVSS4.9AI score0.01165EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.248 views

CVE-2018-2771

CVE-2018-2771 affects the MySQL Server component (subcomponent: Server: Locking) across Oracle MySQL releases. Affected series include 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability is described as difficult to exploit but can allow a high-privilege attacker wit...

4.4CVSS5AI score0.03592EPSS
CVE
CVE
added 2018/04/19 2:0 a.m.241 views

CVE-2018-2781

CVE-2018-2781 is a vulnerability in the MySQL Server component (subcomponent: Server: Optimizer). Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The fixed text indicates an easily exploitable issue that allows a high-privileged attacker with network access v...

4.9CVSS5.4AI score0.03294EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.230 views

CVE-2017-3651

CVE-2017-3651 affects Oracle MySQL Server’s Client mysqldump component. Affected releases include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described in multiple advisories as a vulnerability that enables a low-privileged, network-accessing attacker to perform u...

4.3CVSS4AI score0.02049EPSS
CVE
CVE
added 2020/03/16 3:5 p.m.223 views

CVE-2020-1735

CVE-2020-1735 is a vulnerability in the Ansible Engine where the fetch module can be intercepted, enabling an attacker to inject a new path and choose a different destination path on the controller. The issue affects all 2.7.x, 2.8.x and 2.9.x branches. Connected advisories confirm multiple vendo...

4.6CVSS5.2AI score0.00487EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.222 views

CVE-2017-3641

CVE-2017-3641 details (normal mode) : A vulnerability in the MySQL Server component (subcomponent: Server: DML) affecting MariaDB/MySQL Server. Affected versions include 5.5.56 and earlier, 5.6.36 and earlier, and 5.7.18 and earlier. The issue is described as exploitable by a high-privilege attac...

4.9CVSS4.9AI score0.03198EPSS
CVE
CVE
added 2020/03/16 3:7 p.m.215 views

CVE-2020-1740

CVE-2020-1740 is about Ansible Engine Vault editing: on the same host, ansible-vault edit can expose old/new secrets due to mkstemp/two-step write. Connected documents consistently confirm this vulnerability across multiple distributions (Astra Linux, Debian, Fedora/Red Hat, Alpine, Amazon Linux)...

4.7CVSS5.2AI score0.00374EPSS
CVE
CVE
added 2022/03/23 7:46 p.m.157 views

CVE-2021-4180

The CVE affects openstack-tripleo-heat-templates (older than 11.6.1). The underlying issue is an information exposure: an external user can discover internal IP addresses or hostnames by inspecting the www_authenticate_uri parameter in configuration files. This data leakage is specifically tied t...

4.3CVSS4AI score0.00754EPSS
CVE
CVE
added 2018/09/19 4:0 p.m.130 views

CVE-2018-17206

Open vSwitch 2.7.x–2.7.6 contains a buffer over-read in the decode_bundle function (lib/ofp-actions.c) during BUNDLE action decoding, classified as CVE-2018-17206. The issue is documented in multiple advisories (e.g., RHSA/RHSA-like entries) and Debian/DLA disclosures; exploitation details and ex...

4.9CVSS5.3AI score0.02046EPSS
CVE
CVE
added 2018/09/19 4:0 p.m.109 views

CVE-2018-17204

Open vSwitch (OVS) 2.7.x–2.7.6 is affected by CVE-2018-17204 due to a logic error in parse_group_prop_ntr_selection_method within lib/ofp-util.c. During decoding of a group mod, the code validates the group type/command only after the full group mod is parsed, but the OpenFlow 1.5 decoder may use...

4.3CVSS4.8AI score0.01911EPSS
CVE
CVE
added 2016/12/10 12:0 a.m.107 views

CVE-2016-6888

CVE-2016-6888 in QEMU (net_tx_pkt_init in hw/net/net_tx_pkt.c) has an integer overflow when handling the maximum fragmentation count, triggering an unchecked multiplication and a NULL pointer dereference. This allows a local privileged user/guest to cause a denial of service (QEMU process crash)....

4.4CVSS6.1AI score0.00381EPSS
CVE
CVE
added 2014/10/31 2:0 p.m.100 views

CVE-2014-3708

CVE-2014-3708 affects OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1. The vulnerability arises from how an IP filter is processed in the list active servers API request, allowing remote authenticated users to cause a denial of service (CPU consumption). Public advisories (R...

4CVSS6.2AI score0.02783EPSS
CVE
CVE
added 2014/10/02 2:0 p.m.88 views

CVE-2014-3621

CVE-2014-3621 affects OpenStack Keystone (identity service). The issue is a catalog URL replacement in Keystone that, when processing endpoints, can disclose sensitive configuration by crafting the publicurl field (demonstrated via $(admin_token)). Affected releases include Keystone before 2013.2...

4CVSS5.8AI score0.02109EPSS
CVE
CVE
added 2015/01/23 3:0 p.m.82 views

CVE-2014-9623

OpenStack Glance (Image Service) CVE-2014-9623 affects 2014.2.x through 2014.2.1, 2014.1.3 and earlier, allowing remote authenticated users to bypass storage quota and cause disk DoS by deleting an image in the saving state. Root cause is an incomplete fix that permitted quota bypass during uploa...

4CVSS6.1AI score0.02844EPSS
CVE
CVE
added 2014/02/02 12:0 a.m.81 views

CVE-2013-6491

CVE-2013-6491 affects the OpenStack Oslo stack (OpenStack Nova) using the python-qpid client; specifically, the common/rpc/impl_qpid.py path does not enforce SSL when qpid_protocol is set to ssl, allowing remote attackers to sniff network traffic and obtain sensitive information. The root cause i...

4.3CVSS5.9AI score0.01884EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.80 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, is affected. The issue arises when heat-templates configures Yum repositories with sslverify set to false, effectively disabling SSL verification and allowing man-in-the-middle attackers to inte...

4.3CVSS6.6AI score0.01374EPSS
CVE
CVE
added 2013/10/29 10:0 p.m.75 views

CVE-2013-4185

CVE-2013-4185 describes an algorithmic complexity vulnerability in OpenStack Compute (Nova) where the code path for updating network source security group policies is mishandled. This allows an authenticated remote user to trigger a denial of service by issuing many server-creation operations, ca...

4CVSS6.1AI score0.02087EPSS
CVE
CVE
added 2014/10/31 2:0 p.m.73 views

CVE-2014-8333

CVE-2014-8333 affects the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4. An authenticated user can trigger a denial-of-service (disk consumption) by deleting an instance that is in the resize state, causing backend resource exhaustion. Remediation reported in associated advisories: ...

4CVSS6.2AI score0.02006EPSS
CVE
CVE
added 2014/11/24 3:0 p.m.70 views

CVE-2014-7821

OpenStack Neutron vulnerable to a denial-of-service via a crafted dns_nameservers value in DNS configuration. Affected products: OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1. Root cause: improper handling of the dns_nameservers parameter leads to crash when an authenticated user...

4CVSS6.1AI score0.03936EPSS
CVE
CVE
added 2015/03/10 2:0 p.m.70 views

CVE-2015-0271

CVE-2015-0271 affects Red Hat OpenStack Horizon’s redhat-access-plugin (pre-6.0.3). The vulnerability arises from an unsanitized input in the log-viewing function, allowing an authenticated attacker to read arbitrary files via a crafted path. Impact is reading sensitive files with the web server’...

4CVSS6.6AI score0.01676EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.68 views

CVE-2014-0040

CVE-2014-0040 affects OpenStack Heat Templates (heat-templates) as used in Red Hat OpenStack Platform 4.0. The root cause is HTTP downloads of packages and signing keys via Yum, enabling MITM attackers to block or tamper updates. Red Hat’s RHSA-2014:0579 fixes this (and related CVEs 0041, 0042) b...

4.3CVSS6.6AI score0.01466EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.59 views

CVE-2014-0042

CVE-2014-0042 affects OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform 4.0. The issue is that certain heat templates disable GPG signature checking by setting gpgcheck=0, allowing potential MITM-style package tampering during downloads. Red Hat’s RH...

4.3CVSS6.8AI score0.01466EPSS