Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack-optools
Subscriptions
Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3637 | 1 Redhat | 3 Openstack, Openstack-optools, Openstack Platform | 2024-11-23 | 4.3 Medium |
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | ||||
CVE-2023-3223 | 1 Redhat | 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more | 2024-11-21 | 7.5 High |
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | ||||
CVE-2020-13482 | 3 Em-http-request Project, Fedoraproject, Redhat | 3 Em-http-request, Fedora, Openstack-optools | 2024-11-21 | 7.4 High |
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | ||||
CVE-2019-10192 | 5 Canonical, Debian, Oracle and 2 more | 12 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 9 more | 2024-11-21 | 7.2 High |
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. | ||||
CVE-2019-0223 | 2 Apache, Redhat | 17 Qpid, A Mq Clients, Cloudforms Managementengine and 14 more | 2024-11-21 | 7.4 High |
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. | ||||
CVE-2018-1000060 | 2 Redhat, Sensu | 2 Openstack-optools, Sensu Core | 2024-11-21 | N/A |
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b. | ||||
CVE-2017-7401 | 2 Collectd, Redhat | 5 Collectd, Enterprise Linux, Openstack-optools and 2 more | 2024-11-21 | N/A |
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet. | ||||
CVE-2017-16820 | 2 Collectd, Redhat | 5 Collectd, Enterprise Linux, Openstack-optools and 2 more | 2024-11-21 | N/A |
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). | ||||
CVE-2017-10906 | 2 Fluentd, Redhat | 3 Fluentd, Openstack, Openstack-optools | 2024-11-21 | N/A |
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. | ||||
CVE-2016-6186 | 3 Debian, Djangoproject, Redhat | 4 Debian Linux, Django, Openstack and 1 more | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML. | ||||
CVE-2016-2513 | 2 Djangoproject, Redhat | 3 Django, Openstack, Openstack-optools | 2024-11-21 | N/A |
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests. | ||||
CVE-2016-2512 | 2 Djangoproject, Redhat | 3 Django, Openstack, Openstack-optools | 2024-11-21 | N/A |
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. | ||||
CVE-2015-8213 | 2 Djangoproject, Redhat | 3 Django, Openstack, Openstack-optools | 2024-11-21 | N/A |
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY. | ||||
CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Leap, Opensuse and 3 more | 2024-11-21 | 7.5 High |
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. |
Page 1 of 1.