Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1738 | 1 Redhat | 4 Ansible, Ansible Tower, Cloudforms Management Engine and 1 more | 2024-11-21 | 3.9 Low |
| A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | ||||
| CVE-2020-1736 | 2 Fedoraproject, Redhat | 6 Fedora, Ansible, Ansible Engine and 3 more | 2024-11-21 | 2.2 Low |
| A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | ||||
| CVE-2020-1735 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Ansible and 4 more | 2024-11-21 | 4.2 Medium |
| A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | ||||
| CVE-2020-1733 | 3 Debian, Fedoraproject, Redhat | 7 Debian Linux, Fedora, Ansible and 4 more | 2024-11-21 | 5 Medium |
| A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'. | ||||
| CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 9 Debian Linux, Leap, Qemu and 6 more | 2024-11-21 | 7.7 High |
| An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host. | ||||
| CVE-2020-1690 | 1 Redhat | 3 Openstack, Openstack-selinux, Openstack Platform | 2024-11-21 | 6.5 Medium |
| An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | ||||
| CVE-2020-17376 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | 8.3 High |
| An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. | ||||
| CVE-2020-16092 | 5 Canonical, Debian, Opensuse and 2 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2024-11-21 | 3.8 Low |
| In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this flaw to abort the QEMU process on the host, resulting in a denial of service condition in net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c. | ||||
| CVE-2020-15257 | 4 Debian, Fedoraproject, Linuxfoundation and 1 more | 4 Debian Linux, Fedora, Containerd and 1 more | 2024-11-21 | 5.2 Medium |
| containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. | ||||
| CVE-2020-15180 | 5 Debian, Galeracluster, Mariadb and 2 more | 9 Debian Linux, Galera Cluster For Mysql, Mariadb and 6 more | 2024-11-21 | 9.0 Critical |
| A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | ||||
| CVE-2020-15136 | 2 Fedoraproject, Redhat | 4 Fedora, Etcd, Openshift and 1 more | 2024-11-21 | 6.5 Medium |
| In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality. | ||||
| CVE-2020-15115 | 2 Fedoraproject, Redhat | 3 Fedora, Etcd, Openstack | 2024-11-21 | 5.8 Medium |
| etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort. | ||||
| CVE-2020-15114 | 2 Fedoraproject, Redhat | 4 Fedora, Etcd, Openshift and 1 more | 2024-11-21 | 7.7 High |
| In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. | ||||
| CVE-2020-15113 | 3 Etcd, Fedoraproject, Redhat | 4 Etcd, Fedora, Openshift and 1 more | 2024-11-21 | 5.7 Medium |
| In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). | ||||
| CVE-2020-15112 | 3 Etcd, Fedoraproject, Redhat | 5 Etcd, Fedora, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry. | ||||
| CVE-2020-15106 | 3 Etcd, Fedoraproject, Redhat | 5 Etcd, Fedora, Openshift and 2 more | 2024-11-21 | 6.5 Medium |
| In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL. | ||||
| CVE-2020-14364 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-11-21 | 5.0 Medium |
| An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | ||||
| CVE-2020-14355 | 5 Canonical, Debian, Opensuse and 2 more | 12 Ubuntu Linux, Debian Linux, Leap and 9 more | 2024-11-21 | 6.6 Medium |
| Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. | ||||
| CVE-2020-13254 | 7 Canonical, Debian, Djangoproject and 4 more | 8 Ubuntu Linux, Debian Linux, Django and 5 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | ||||
| CVE-2020-12692 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-11-21 | 5.4 Medium |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | ||||