48 matches found
CVE-2018-10892
CVE-2018-10892 : In Docker/Moby, the default OCI Linux spec (oci/defaults_linux.go) from 1.11 to current does not block /proc/acpi pathnames. This allows a container to affect host hardware state (e.g., enabling/disabling Bluetooth, changing keyboard brightness) by targeting /proc/acpi, represent...
CVE-2016-7103
CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).
CVE-2020-10756
CVE-2020-10756 is a concrete vulnerability in the QEMU SLiRP networking (libslirp) implementation. The issue is an out-of-bounds read in icmp6_send_echoreply() when replying to ICMP echo requests, enabling a guest to leak host memory and cause information disclosure. Affected component/version: l...
CVE-2023-2088
CVE-2023-2088 affects OpenStack components (Cinder/Nova) due to an inconsistency between Cinder and Nova. A remote, authenticated attacker can detach a volume from Cinder, with the highest impact on confidentiality. Public details in connected docs confirm a vulnerability arising from OpenStack s...
CVE-2020-14355
Summary of CVE-2020-14355 : Multiple buffer overflow vulnerabilities were found in the QUIC image decoding path of SPICE, affecting both client and server components (spice-gtk, spice-server, and shared spice-common code). The flaws could allow a remote attacker to send crafted QUIC messages that...
CVE-2019-14900
CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...
CVE-2018-2668
CVE-2018-2668 affects the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Affected: 5.5.58 and earlier; 5.6.38 and earlier; 5.7.20 and earlier. Description across sources: a low-privilege, network-accessible attacker can exploit via multiple protocols to cause a hang or ...
CVE-2020-10753
CVE-2020-10753 affects Red Hat Ceph Storage RadosGW (Ceph Object Gateway). A newline in a CORS ExposeHeader tag in the CORS configuration can inject HTTP headers into responses, enabling header injection during CORS requests. The issue is reported for Ceph RGW in versions 3.x and 4.x (with relate...
CVE-2021-3930
CVE-2021-3930 concerns an off-by-one error in the SCSI device emulation of QEMU during MODE SELECT handling in mode_sense_page() when page is MODE_PAGE_ALLS (0x3f). The vulnerability can allow a malicious guest to crash QEMU, causing a denial of service. Affected software is QEMU (various release...
CVE-2018-2640
The CVE refers to CVE-2018-2640 in the MySQL/MariaDB family: the vulnerability is in the MySQL Server component (Server: Optimizer) and affects multiple supported branches (5.5.x, 5.6.x, 5.7.x) with ability for a network‑accessible, low‑privileged attacker to cause a hang or crash (DOS). Public a...
CVE-2018-2817
CVE-2018-2817 affects the MySQL/MariaDB server stack (MySQL Server component; subcomponents such as DDL/InnoDB/Optimizer) across multiple product lines. Affected versions include MySQL/MariaDB releases prior to upstream fixes (e.g., 5.5.x, 5.6.x, 5.7.x families as cited in the documents). Impact ...
CVE-2018-2622
CVE-2018-2622 affects MySQL Server (Server: DDL) with affected versions 5.5.58 and earlier, 5.6.38 and earlier, and 5.7.20 and earlier. It allows a network-based attacker with low privileges to cause a hang or complete denial-of-service. Multiple connected advisories (ALAS-2018-969, CentOS/CESA-2...
CVE-2018-2665
CVE-2018-2665 affects Oracle MySQL Server (Server: Optimizer). Affected releases include MySQL 5.5.58 and older, 5.6.38 and older, and 5.7.20 and older. The vulnerability is exploitable by a low-privileged attacker who can access the server over the network, and can lead to an unauthorized hang o...
CVE-2018-2819
CVE-2018-2819 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.5.59 and earlier, 5.6.39 and earlier, and 5.7.21 and earlier. The vulnerability enables a low-privileged attacker with network access via multiple protocols to cause a hang or a frequent crash (comp...
CVE-2017-10378
CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...
CVE-2019-14856
CVE-2019-14856 affects Ansible; connected updates show that openSUSE/SUSE patches (ansible 2.9.6 in openSUSE-2020-513 and 2.9.6 in SUSE-2020-0523) fix this and related CVEs by addressing an incomplete fix for CVE-2019-10206 and other issues (e.g., passwords in prompts/log leakage). The issue orig...
CVE-2017-10384
CVE-2017-10384 affects the MySQL Server component (Server: DDL) of Oracle MySQL. Affected versions include 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. An attacker with network access via multiple protocols and low privileges can cause a hang or a complete denial of service in ...
CVE-2020-1759
CVE-2020-1759 affects Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2, where the secure mode of the messenger v2 protocol (msgr2) allows nonce reuse. This enables forging authentication tags and can lead to confidentiality and integrity problems in sessions when a nonce is reus...
CVE-2017-10379
CVE-2017-10379 concerns the MySQL Server client-side component of Oracle MySQL. Affected versions are 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability can be exploited by a low-privileged attacker with network access via multiple protocols, potentially leading to ...
CVE-2015-3214
CVE-2015-3214 affects QEMU prior to 2.3.1 (pit_ioport_read in i8254.c) and Linux kernel prior to 2.6.33. The flaw does not distinguish between read and write lengths, potentially allowing a privileged guest user (with PIT emulation enabled) to trigger an invalid index and cause arbitrary host cod...
CVE-2017-18635
CVE-2017-18635 describes an XSS in noVNC before 0.6.2 where a remote VNC server can inject arbitrary HTML into the noVNC page via status field messages (e.g., server name). Connected advisories confirm affected packages across multiple distros (Debian, Ubuntu, Mageia, Red Hat-related advisories) ...
CVE-2019-14433
The CVE-2019-14433 issue affects OpenStack Nova (versions before 17.0.12, 18.x before 18.2.2, 19.x before 19.0.2). It allows authenticated API requests that fault to leak environment details in responses, potentially exposing sensitive configuration data (partial confidentiality impact). Red Hat ...
CVE-2016-8576
CVE-2016-8576 affects QEMU’s USB xHCI emulation. The vulnerability is in xhci_ring_fetch (hw/usb/hcd-xhci.c), where failure to limit the number of TRBs can be exploited by a local privileged guest to cause an infinite loop and a DoS of the QEMU process. The initial documents do not specify exploi...
CVE-2016-9921
According to connected sources, CVE-2016-9921 affects QEMU with Cirrus CLGD 54xx VGA Emulator. The root cause is a divide-by-zero in cirrus_do_copy when Cirrus VGA graphics mode is VGA, which can be triggered during VGA data copying. Impact is guest-privileged code causing a host DoS by crashing ...
CVE-2016-8909
CVE-2016-8909 is an issue in QEMU’s Intel High Definition Audio emulation. The vulnerability exists in the intel_hda_xfer function (hw/audio/intel-hda.c) where an entry with the same value for buffer length and pointer position can be supplied by a local attacker (local guest OS administrator), l...
CVE-2016-9911
CVE-2016-9911 (QEMU) : A memory leak vulnerability in QEMU built with USB EHCI emulation. The leak occurs while processing packet data in ehci_init_transfer, allowing a guest user/process to leak host memory and potentially cause a DoS on the host. The available connected documents confirm the pr...
CVE-2016-8910
CVE-2016-8910 affects QEMU: the rtl8139_cplus_transmit function in hw/net/rtl8139.c can allow a local privileged user to cause a denial of service (infinite loop/CPU usage) by failing to limit the ring descriptor count. No public details on patch/version are provided in the connected documents.
CVE-2018-1059
The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...
CVE-2013-6393
CVE-2013-6393 affects LibYAML: the yaml_parser_scan_tag_uri function in scanner.c of LibYAML before 0.1.5 performs an incorrect cast, enabling a heap-based buffer overflow that can crash the application and possibly allow arbitrary code execution via crafted YAML tags. The initial description and...
CVE-2016-8669
CVE-2016-8669 affects QEMU: the serial_update_parameters function in hw/char/serial.c can be triggered by a divider value greater than baud base to cause a divide-by-zero and QEMU process crash. It is a local privilege vulnerability (guest to host) with denial of service as the impact. The connec...
CVE-2016-9907
The CVE-2016-9907 issue affects Quick Emulator (QEMU) built with usb-guest USB redirector support. It describes a memory-leak flaw that can occur while destroying the usbredir device (usbredir_handle_destroy), allowing a guest user to leak host memory and potentially cause DoS on the host. Red Ha...
CVE-2016-4020
CVE-2016-4020 : In QEMU, the patch_instruction function in hw/i386/kvmvapic.c fails to initialize imm32, enabling a local guest OS administrator to leak host stack memory via the Task Priority Register (TPR). Several advisories (Debian DLA-574-1, CentOS/CESA-2017:1856, Gentoo GLSA-201609-01) docu...
CVE-2017-8379
CVE-2017-8379 is a memory-leak issue in QEMU keyboard input event handling that can allow a local privileged guest user to exhaust host memory and cause a denial of service. The vulnerability is listed among fixes in Red Hat RHSA-2017:2408, which notes remediation by rebasing to QEMU 2.9.0 and re...
CVE-2016-7422
CVE-2016-7422 affects QEMU’s virtio/virtio.c: virtqueue_map_desc allows a local guest OS administrator to trigger a NULL pointer dereference by using a large I/O descriptor buffer length, leading to QEMU process crash. Remediation in connected docs shows fixes via rebases to QEMU 2.9.0 (RHSA-2017...
CVE-2016-7466
CVE-2016-7466 is a memory-leak denial-of-service issue in QEMU’s USB xHCI emulation when MSI-X is used. The usb_xhci_exit path can leak memory during repeated USB unplug actions, allowing a local privileged user (guest) to exhaust host memory or crash the QEMU process. Public details confirm the ...
CVE-2019-10876
CVE-2019-10876 affects OpenStack Neutron: versions 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with overlapping port ranges, an authenticated user can trigger an Open vSwitch firewall KeyError, preventing Neutron from configuring networks on com...
CVE-2018-14635
The CVE-2018-14635 vulnerability affects OpenStack Neutron’s ml2 Linux Bridge driver. The issue allows non-privileged tenants to create and attach ports without assigning an IP address, bypassing IP address validation. This can lead to a potential denial of service if an IP outside the allowed al...
CVE-2019-9735
CVE-2019-9735 affects the OpenStack Neutron iptables security group driver. In affected releases (OpenStack Neutron before 10.0.8; 11.x before 11.0.7; 12.x before 12.0.6; 13.x before 13.0.3), setting a destination port in a security group rule together with a protocol that doesn’t support that op...
CVE-2013-4222
CVE-2013-4222 affects OpenStack Keystone (Folsom, Grizzly 2013.1.3 and earlier, Havana before havana-3). The vulnerability arises because Keystone does not properly revoke user tokens when a tenant is disabled, allowing remote authenticated users to continue accessing resources via their tokens. ...
CVE-2013-2029
CVE-2013-2029 describes a local privilege issue in Nagios Core 3.4.4, 3.5.1 and earlier where a symlink attack on a temporary nagioscfg file in /tmp allows a local user to overwrite arbitrary files. The vulnerability is tied to the nagios.upgrade_to_v3.sh script distributed with these releases. P...
CVE-2016-9590
CVE-2016-9590 affects puppet-swift (used by Red Hat OpenStack Platform director to install Object Storage). Root cause: during installation the Puppet script deploys the service and incorrectly removes and then recreates proxy-server.conf with world-readable permissions, enabling information disc...
CVE-2022-1655
CVE-2022-1655 affects Horizon on Red Hat OpenStack. The underlying issue is an incorrect permission handling for critical resources: Horizon session cookies are created without the HttpOnly flag even when HorizonSecureCookies is true. This could lead to confidentiality/integrity risks for user se...
CVE-2013-2121
Foreman (Red Hat OpenStack/Satellite) CVE-2013-2121 is an eval injection in the create action of the bookmarks controller. Before 1.2.0-RC2, remote authenticated users with bookmark-creation permissions can execute arbitrary code via a controller name attribute. Public references note code inject...
CVE-2013-2113
CVE-2013-2113 affects Foreman before 1.2.0-RC2. The vulnerability lies in the create method of app/controllers/users_controller.rb, where remote authenticated users with create_users permissions can gain privileges by either flipping the admin flag or assigning an arbitrary role. Impact is privil...
CVE-2013-6460
CVE-2013-6460 affects the Nokogiri gem (version 1.5.x) and is described in connected documents as a Denial of Service via an infinite loop when parsing XML documents. The available sources consistently state a DoS impact but do not provide concrete exploitation details or patch/version remediatio...
CVE-2013-4214
CVE-2013-4214 affects Nagios Core 3.4.4, 3.5.1 and earlier. The issue is a local symlink attack in rss-newsfeed.php: when MAGPIE_CACHE_ON is set to 1, a local attacker can create a symbolic link from a temporary file to a target file in /tmp/magpie_cache, enabling overwriting of arbitrary files w...
CVE-2014-0071
CVE-2014-0071 affects PackStack in Red Hat OpenStack 4.0, where PackStack did not correctly enforce default security group rules when deployed to Neutron, allowing remote attackers to bypass access restrictions and reach otherwise restricted systems. The issue is documented in RHSA-2014:0233 and ...
CVE-2013-6461
Nokogiri gem versions 1.5.x and 1.6.x are affected by a DoS vulnerability when parsing XML entities due to failing to apply limits. The issue is described across multiple connected sources (SUSE, Ubuntu, Debian security trackers, RubyGems advisories, and NVD). The CVE entry itself lists DoS as th...