Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openstack
(Redhat)| Repositories |
• https://github.com/openvswitch/ovs
• https://github.com/openstack/heat-templates • https://github.com/memcached/memcached • https://github.com/antirez/redis • https://github.com/apache/httpd |
| #Vulnerabilities | 210 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-03 | CVE-2021-3620 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | Ansible_automation_platform_early_access, Ansible_engine, Enterprise_linux, Enterprise_linux_for_power_little_endian, Openstack, Virtualization, Virtualization_for_ibm_power_little_endian, Virtualization_host, Virtualization_manager | 5.5 | ||
| 2018-03-09 | CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | Ubuntu_linux, Debian_linux, Django, Openstack | 5.3 | ||
| 2021-03-18 | CVE-2020-27827 | A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | Fedora, Lldpd, Openvswitch, Enterprise_linux, Openshift_container_platform, Openstack, Virtualization, Simatic_hmi_unified_comfort_panels_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Sinumerik_one_firmware, Tim_1531_irc_firmware | 7.5 | ||
| 2018-10-08 | CVE-2018-1000807 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. | Ubuntu_linux, Pyopenssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openstack | 8.1 | ||
| 2020-10-07 | CVE-2020-14355 | Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | Ubuntu_linux, Debian_linux, Leap, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_eus, Enterprise_linux_tus, Enterprise_linux_update_services_for_sap_solutions, Openstack, Spice | 6.6 | ||
| 2013-07-31 | CVE-2013-2882 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | Debian_linux, Chrome, Node\.js, Openstack | N/A | ||
| 2014-11-01 | CVE-2014-3615 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization | N/A | ||
| 2015-05-13 | CVE-2015-3456 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. | Qemu, Enterprise_linux, Enterprise_virtualization, Openstack, Xen | N/A | ||
| 2016-12-10 | CVE-2016-6888 | Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | Debian_linux, Qemu, Openstack, Virtualization | 4.4 | ||
| 2017-03-27 | CVE-2017-5973 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | Debian_linux, Qemu, Openstack, Virtualization | 5.5 |