Lucene search
+L
RedhatOpenstack

20 matches found

CVE
CVE
added 2018/07/19 1:0 p.m.376 views

CVE-2017-7481

CVE-2017-7481 affects Ansible before versions 2.3.1.0 and 2.4.0.0, where lookup-plugin results could be marked unsafe, allowing code execution via jinja2 if an attacker controls lookup() results. The description and connected advisories confirm the vulnerability originates from unsafe lookup resu...

9.8CVSS9.3AI score0.04804EPSS
In wild
CVE
CVE
added 2018/06/17 5:0 p.m.243 views

CVE-2018-11219

CVE-2018-11219 is a Redis Lua subsystem integer overflow vulnerability (bounds checking failure) affecting Redis up to versions prior to 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. The issue originates in lua_struct.c:b_unpack() and can lead to memory corruption or a crash. Public details ...

9.8CVSS7.9AI score0.07056EPSS
CVE
CVE
added 2020/01/02 2:15 p.m.234 views

CVE-2019-14859

CVE-2019-14859 affects the Python library python-ecdsa. A flaw exists in all versions before 0.13.3 where signatures are not properly verified for DER encoding, allowing a malformed signature to be accepted and making signatures malleable. This could enable an attacker to use a malleable signatur...

9.1CVSS8.8AI score0.01596EPSS
CVE
CVE
added 2020/02/08 6:2 p.m.225 views

CVE-2015-5741

CVE-2015-5741 : The Go net/http implementation (net/http/transfer.go) before 1.4.3 fails to correctly parse HTTP headers, enabling remote attackers to perform HTTP request smuggling via requests containing both Content-Length and Transfer-Encoding. This is documented across multiple sources in th...

9.8CVSS9AI score0.02704EPSS
CVE
CVE
added 2018/06/17 5:0 p.m.224 views

CVE-2018-11218

CVE-2018-11218 describes a memory corruption vulnerability in the Redis Lua subsystem’s cmsgpack handling, caused by stack-based buffer overflows. Affected Redis versions are before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. Several connected sources reiter the issue as a Redis component ...

9.8CVSS8.1AI score0.58529EPSS
CVE
CVE
added 2018/07/27 7:0 p.m.212 views

CVE-2017-2620

CVE-2017-2620 affects QEMU with Cirrus CLGD 54xx VGA emulator prior to 2.8, where cirrus_bitblt_cputovideo can trigger out-of-bounds access while copying VGA data. This could allow a privileged guest user to crash the QEMU process or potentially execute arbitrary host code with QEMU privileges. P...

9.9CVSS7.9AI score0.03559EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.179 views

CVE-2015-5165

CVE-2015-5165 affects the RTL8139 emulation in QEMU (C+ mode offload) used by Xen 4.5.x and earlier. A remote attacker could read heap memory in the QEMU process via unspecified vectors, potentially exposing host data. Public sources in connected docs document this as an information-leak flaw in ...

9.3CVSS6.5AI score0.13288EPSS
CVE
CVE
added 2018/07/27 9:0 p.m.174 views

CVE-2016-9603

CVE-2016-9603 affects QEMU’s Cirrus CLGD 54xx VGA emulator, specifically the VNC display driver support prior to 2.9. A heap-based buffer overflow can occur when a VNC client updates the display after a guest VGA operation. A privileged guest user could crash the QEMU process or potentially execu...

9.9CVSS8AI score0.04448EPSS
CVE
CVE
added 2018/04/24 4:0 p.m.173 views

CVE-2016-9587

CVE-2016-9587 affects Ansible up to versions 2.1.4 and 2.2.1. The issue is improper input validation in handling data from client systems, allowing an attacker who controls a managed client and can send facts back to the server to execute arbitrary code on the Ansible server with server privilege...

9.3CVSS8AI score0.1765EPSS
CVE
CVE
added 2018/07/02 6:0 p.m.173 views

CVE-2017-2615

The CVE-2017-2615 issue affects QEMU’s Cirrus CLGD 54xx VGA emulator support. The vulnerability is an out-of-bounds access during VGA data copying via bitblt in backward mode, which could allow a privileged guest user to crash the QEMU process and potentially execute arbitrary host code with QEMU...

9.1CVSS7.7AI score0.03648EPSS
CVE
CVE
added 2018/10/09 10:0 p.m.149 views

CVE-2018-17963

CVE-2018-17963 affects QEMU’s net/iov path. The vulnerability is introduced by qemu_deliver_packet_iov in net/net.c, which accepts packet sizes greater than INT_MAX, enabling a remote attacker to trigger a denial of service (and potentially other unspecified impact) by sending oversized packets. ...

9.8CVSS9.7AI score0.04782EPSS
CVE
CVE
added 2016/01/08 9:0 p.m.130 views

CVE-2015-7512

CVE-2015-7512 is a buffer overflow in the PC-Net II Ethernet controller emulation (hw/net/pcnet.c) of QEMU. The flaw occurs when handling packets for guests with a larger MTU, allowing a remote attacker to trigger a denial of service (guest OS crash) or potentially execute arbitrary code. Connect...

9CVSS9.3AI score0.0773EPSS
CVE
CVE
added 2019/12/10 2:19 p.m.113 views

CVE-2013-2166

The CVE-2013-2166 entry concerns python-keystoneclient versions 0.2.3 to 0.2.5, where the middleware memcache encryption bypass is documented. Multiple connected records (GHSA-C3XQ-CJ8F-7829 and OSV entries) confirm the same issue and reference advisories like RHSA-2013:0992. The vulnerability ce...

9.8CVSS9.2AI score0.01764EPSS
CVE
CVE
added 2017/03/31 3:0 p.m.107 views

CVE-2008-7313

CVE-2008-7313 concerns the Snoopy library’s _httpsrequest function, where remote attackers could execute arbitrary commands due to an incomplete fix for CVE-2008-4796. The issue is noted across multiple sources (Debian security tracker, Gentoo GLSA, IBM PowerKVM advisories, and CVE listings), oft...

9.8CVSS8.9AI score0.04544EPSS
CVE
CVE
added 2019/12/10 2:22 p.m.105 views

CVE-2013-2167

CVE-2013-2167 affects python-keystoneclient versions 0.2.3 through 0.2.5, where the middleware memcache signing bypass creates a security feature bypass vulnerability. Connected sources confirm the issue is described as a middleware signing bypass in that range of versions, with related advisorie...

9.8CVSS9.2AI score0.01696EPSS
CVE
CVE
added 2017/05/23 5:0 p.m.97 views

CVE-2017-9214

Summary: CVE-2017-9214 affects Open vSwitch (OvS) 2.7.0 and is due to a buffer over-read caused by an unsigned integer underflow in the function ofputil_pull_queue_get_config_reply10 while parsing OFPT_QUEUE_GET_CONFIG_REPLY (OFP 1.0). Impact (as described): Buffer over-read with potential denial...

9.8CVSS9.3AI score0.02887EPSS
CVE
CVE
added 2019/07/30 4:22 p.m.95 views

CVE-2019-10141

OpenStack Ironic Inspector (ironic-inspector) contains a SQL injection in node_cache.find_node() that uses unfiltered data from the /v1/continue POST. This API is unauthenticated, so an attacker with network access could exploit it to cause denial of service; data exfiltration is unlikely per the...

9.1CVSS8.8AI score0.02464EPSS
Web
CVE
CVE
added 2017/03/31 3:0 p.m.86 views

CVE-2014-5008

CVE-2014-5008: Snoopy in Nagios could allow remote command execution due to an incomplete fix related to escaping in the Snoopy library. Public advisories (Red Hat RHSA-2017-0214, IBM PowerKVM bulletin, Debian DLA-357-1, Amazon ALAS-2017-899) associate the issue with Nagios/Snoopy and provide upd...

9.8CVSS9.5AI score0.0413EPSS
CVE
CVE
added 2017/03/31 3:0 p.m.78 views

CVE-2014-5009

CVE-2014-5009 is a remote command-execution vulnerability in Snoopy used by Nagios. It arises from an incomplete fix for CVE-2014-5008 and is reported with high-severity scores (CVSS v3.0 up to 9.8 in the NVD entry). The provided documents identify Nagios/Nagios Core and Snoopy as the affected co...

9.8CVSS9.6AI score0.04707EPSS
CVE
CVE
added 2018/09/10 7:0 p.m.71 views

CVE-2018-14620

CVE-2018-14620 affects openstack-rabbitmq-container and openstack-containers shipped with Red Hat OpenStack Platform 12–14. Root cause: the rabbitmq_clusterer component is fetched over HTTP during docker build without integrity validation, enabling an attacker to inject malicious code into the im...

9.8CVSS9.4AI score0.00597EPSS