Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openstack
Total 170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14900 3 Hibernate, Quarkus, Redhat 5 Hibernate Orm, Quarkus, Decision Manager and 2 more 2021-10-15 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CVE-2016-9587 2 Ansible, Redhat 3 Ansible, Ansible, Openstack 2021-09-13 9.3 HIGH 8.1 HIGH
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
CVE-2018-3639 12 Arm, Canonical, Debian and 9 more 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more 2021-08-13 2.1 LOW 5.5 MEDIUM
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVE-2020-10753 5 Canonical, Fedoraproject, Linuxfoundation and 2 more 6 Ubuntu Linux, Fedora, Ceph and 3 more 2021-08-11 4.3 MEDIUM 6.5 MEDIUM
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
CVE-2020-10684 1 Redhat 3 Ansible, Ansible Tower, Openstack 2021-08-07 3.6 LOW 7.1 HIGH
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
CVE-2020-1739 3 Debian, Fedoraproject, Redhat 6 Debian Linux, Fedora, Ansible and 3 more 2021-08-07 3.3 LOW 3.9 LOW
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
CVE-2019-14846 3 Debian, Opensuse, Redhat 6 Debian Linux, Backports Sle, Leap and 3 more 2021-08-07 2.1 LOW 7.8 HIGH
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process.
CVE-2020-1733 3 Debian, Fedoraproject, Redhat 6 Debian Linux, Fedora, Ansible and 3 more 2021-08-07 3.7 LOW 5.0 MEDIUM
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
CVE-2020-10685 1 Redhat 5 Ansible Engine, Ansible Tower, Ceph Storage and 2 more 2021-08-07 1.9 LOW 5.5 MEDIUM
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.
CVE-2019-10156 2 Debian, Redhat 3 Debian Linux, Ansible, Openstack 2021-08-07 5.5 MEDIUM 5.4 MEDIUM
A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.
CVE-2020-1735 1 Redhat 4 Ansible, Ansible Tower, Cloudforms Management Engine and 1 more 2021-08-07 3.6 LOW 4.6 MEDIUM
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
CVE-2020-1740 1 Redhat 4 Ansible, Ansible Tower, Cloudforms Management Engine and 1 more 2021-08-07 1.9 LOW 4.7 MEDIUM
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
CVE-2016-9590 2 Openstack, Redhat 2 Puppet-swift, Openstack 2021-08-04 4.0 MEDIUM 6.5 MEDIUM
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
CVE-2016-8909 4 Debian, Opensuse, Qemu and 1 more 6 Debian Linux, Leap, Qemu and 3 more 2021-08-04 2.1 LOW 6.0 MEDIUM
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
CVE-2017-5973 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2021-08-04 2.1 LOW 5.5 MEDIUM
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVE-2016-6519 2 Openstack, Redhat 2 Manila, Openstack 2021-08-04 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
CVE-2018-16876 4 Canonical, Debian, Redhat and 1 more 10 Ubuntu Linux, Debian Linux, Ansible and 7 more 2021-08-04 3.5 LOW 5.3 MEDIUM
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.
CVE-2019-3866 1 Redhat 2 Openstack, Openstack-mistral 2021-08-04 2.1 LOW 5.5 MEDIUM
An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
CVE-2017-2620 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2021-08-04 9.0 HIGH 9.9 CRITICAL
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVE-2019-10192 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2021-08-04 6.5 MEDIUM 7.2 HIGH
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.