ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
718 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15112 | 3 Etcd, Fedoraproject, Redhat | 5 Etcd, Fedora, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. | ||||
| CVE-2020-15106 | 3 Etcd, Fedoraproject, Redhat | 5 Etcd, Fedora, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. | ||||
| CVE-2020-14364 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | 5.0 Medium |
| An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | ||||
| CVE-2020-14355 | 5 Canonical, Debian, Opensuse and 2 more | 12 Ubuntu Linux, Debian Linux, Leap and 9 more | 2024-11-21 | 6.6 Medium |
| Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | ||||
| CVE-2020-13254 | 7 Canonical, Debian, Djangoproject and 4 more | 8 Ubuntu Linux, Debian Linux, Django and 5 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | ||||
| CVE-2020-12692 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-11-21 | 5.4 Medium |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | ||||
| CVE-2020-12691 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | ||||
| CVE-2020-12690 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. | ||||
| CVE-2020-12689 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | ||||
| CVE-2020-11078 | 4 Debian, Fedoraproject, Httplib2 Project and 1 more | 6 Debian Linux, Fedora, Httplib2 and 3 more | 2024-11-21 | 6.8 Medium |
| In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. | ||||
| CVE-2020-11023 | 8 Debian, Drupal, Fedoraproject and 5 more | 65 Debian Linux, Drupal, Fedora and 62 more | 2024-11-21 | 6.9 Medium |
| In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | ||||
| CVE-2020-10756 | 5 Canonical, Debian, Libslirp Project and 2 more | 7 Ubuntu Linux, Debian Linux, Libslirp and 4 more | 2024-11-21 | 6.5 Medium |
| An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. | ||||
| CVE-2020-10755 | 2 Canonical, Redhat | 3 Ubuntu Linux, Openstack, Openstack-cinder | 2024-11-21 | 6.5 Medium |
| An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project | ||||
| CVE-2020-10753 | 5 Canonical, Fedoraproject, Linuxfoundation and 2 more | 6 Ubuntu Linux, Fedora, Ceph and 3 more | 2024-11-21 | 5.4 Medium |
| A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. | ||||
| CVE-2020-10731 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 9.9 Critical |
| A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. | ||||
| CVE-2020-10724 | 4 Canonical, Dpdk, Fedoraproject and 1 more | 5 Ubuntu Linux, Data Plane Development Kit, Fedora and 2 more | 2024-11-21 | 5.1 Medium |
| A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. | ||||
| CVE-2020-10723 | 6 Canonical, Dpdk, Fedoraproject and 3 more | 10 Ubuntu Linux, Data Plane Development Kit, Fedora and 7 more | 2024-11-21 | 5.1 Medium |
| A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. | ||||
| CVE-2020-10722 | 6 Canonical, Dpdk, Fedoraproject and 3 more | 10 Ubuntu Linux, Data Plane Development Kit, Fedora and 7 more | 2024-11-21 | 5.1 Medium |
| A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | ||||
| CVE-2020-10711 | 5 Canonical, Debian, Linux and 2 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-11-21 | 5.9 Medium |
| A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. | ||||
| CVE-2020-10685 | 2 Debian, Redhat | 6 Debian Linux, Ansible Engine, Ansible Tower and 3 more | 2024-11-21 | 5 Medium |
| A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. | ||||