Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openstack
Total 213 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-10903 3 Canonical, Cryptography, Redhat 3 Ubuntu Linux, Python-cryptography, Openstack 2023-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
CVE-2017-7481 3 Canonical, Debian, Redhat 10 Ubuntu Linux, Debian Linux, Ansible Engine and 7 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated.
CVE-2018-14432 3 Debian, Openstack, Redhat 3 Debian Linux, Keystone, Openstack 2023-12-10 3.5 LOW 5.3 MEDIUM
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CVE-2017-2620 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2023-12-10 9.0 HIGH 9.9 CRITICAL
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVE-2018-1000808 3 Canonical, Pyopenssl Project, Redhat 7 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 4 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.. This vulnerability appears to have been fixed in 17.5.0.
CVE-2017-2673 1 Redhat 1 Openstack 2023-12-10 6.5 MEDIUM 7.2 HIGH
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
CVE-2017-7539 2 Qemu, Redhat 4 Qemu, Enterprise Linux, Openstack and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
CVE-2018-17205 3 Canonical, Openvswitch, Redhat 3 Ubuntu Linux, Openvswitch, Openstack 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash.
CVE-2017-2627 2 Openstack, Redhat 2 Tripleo-common, Openstack 2023-12-10 7.2 HIGH 8.2 HIGH
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.
CVE-2018-14620 1 Redhat 1 Openstack 2023-12-10 7.5 HIGH 9.8 CRITICAL
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 6 Ubuntu Linux, Debian Linux, Qemu and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-2767 6 Canonical, Debian, Mariadb and 3 more 14 Ubuntu Linux, Debian Linux, Mariadb and 11 more 2023-12-10 3.5 LOW 3.1 LOW
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
CVE-2018-17204 4 Canonical, Debian, Openvswitch and 1 more 4 Ubuntu Linux, Debian Linux, Openvswitch and 1 more 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2023-12-10 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2017-15139 2 Openstack, Redhat 2 Cinder, Openstack 2023-12-10 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
CVE-2017-2621 2 Openstack, Redhat 2 Heat, Openstack 2023-12-10 2.1 LOW 5.5 MEDIUM
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2017-7543 2 Openstack, Redhat 3 Neutron, Enterprise Linux, Openstack 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
CVE-2018-10915 4 Canonical, Debian, Postgresql and 1 more 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more 2023-12-10 6.0 MEDIUM 7.5 HIGH
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.
CVE-2018-14635 2 Openstack, Redhat 2 Neutron, Openstack 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
CVE-2018-1000127 4 Canonical, Debian, Memcached and 1 more 4 Ubuntu Linux, Debian Linux, Memcached and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.