Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openstack
(Redhat)| Repositories |
• https://github.com/openvswitch/ovs
• https://github.com/openstack/heat-templates • https://github.com/memcached/memcached • https://github.com/antirez/redis • https://github.com/apache/httpd |
| #Vulnerabilities | 210 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-18 | CVE-2022-3100 | A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | Barbican, Openstack, Openstack_for_ibm_power, Openstack_platform | 5.9 | ||
| 2023-03-23 | CVE-2022-3101 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | Tripleo_ansible, Openstack, Openstack_for_ibm_power | 5.5 | ||
| 2023-03-23 | CVE-2022-3146 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | Tripleo_ansible, Openstack, Openstack_for_ibm_power | 5.5 | ||
| 2018-03-09 | CVE-2018-7536 | An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | Ubuntu_linux, Debian_linux, Django, Openstack | 5.3 | ||
| 2018-10-08 | CVE-2018-1000807 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. | Ubuntu_linux, Pyopenssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openstack | 8.1 | ||
| 2013-07-31 | CVE-2013-2882 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | Debian_linux, Chrome, Node\.js, Openstack | N/A | ||
| 2014-11-01 | CVE-2014-3615 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. | Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization | N/A | ||
| 2015-05-13 | CVE-2015-3456 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. | Qemu, Enterprise_linux, Enterprise_virtualization, Openstack, Xen | N/A | ||
| 2016-12-10 | CVE-2016-6888 | Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. | Debian_linux, Qemu, Openstack, Virtualization | 4.4 | ||
| 2017-03-27 | CVE-2017-5973 | The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | Debian_linux, Qemu, Openstack, Virtualization | 5.5 |