Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14818 | 3 Dpdk, Fedoraproject, Redhat | 7 Data Plane Development Kit, Fedora, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | ||||
| CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. | ||||
| CVE-2019-14378 | 2 Libslirp Project, Redhat | 7 Libslirp, Advanced Virtualization, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | ||||
| CVE-2019-14235 | 3 Djangoproject, Opensuse, Redhat | 3 Django, Leap, Openstack | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | ||||
| CVE-2019-14234 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 4 Debian Linux, Django, Fedora and 1 more | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function. | ||||
| CVE-2019-14233 | 3 Djangoproject, Opensuse, Redhat | 3 Django, Leap, Openstack | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. | ||||
| CVE-2019-14232 | 3 Djangoproject, Opensuse, Redhat | 3 Django, Leap, Openstack | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | ||||
| CVE-2019-12781 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP. | ||||
| CVE-2019-12155 | 2 Qemu, Redhat | 5 Qemu, Advanced Virtualization, Enterprise Linux and 2 more | 2024-11-21 | N/A |
| interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4.0.0 has a NULL pointer dereference. | ||||
| CVE-2019-11596 | 3 Canonical, Memcached, Redhat | 4 Ubuntu Linux, Memcached, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In memcached before 1.5.14, a NULL pointer dereference was found in the "lru mode" and "lru temp_ttl" commands. This causes a denial of service when parsing crafted lru command messages in process_lru_command in memcached.c. | ||||
| CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 114 Backdrop, Debian Linux, Drupal and 111 more | 2024-11-21 | 6.1 Medium |
| jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | ||||
| CVE-2019-11291 | 2 Redhat, Vmware | 2 Openstack, Rabbitmq | 2024-11-21 | 4.8 Medium |
| Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. | ||||
| CVE-2019-11287 | 5 Debian, Fedoraproject, Pivotal Software and 2 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2024-11-21 | 7.5 High |
| Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. | ||||
| CVE-2019-11281 | 4 Debian, Fedoraproject, Pivotal Software and 1 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2024-11-21 | 4.8 Medium |
| Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information. | ||||
| CVE-2019-11253 | 2 Kubernetes, Redhat | 5 Kubernetes, Openshift, Openshift Container Platform and 2 more | 2024-11-21 | 7.5 High |
| Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. | ||||
| CVE-2019-11091 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Data Sampling Uncacheable Memory, Microarchitectural Data Sampling Uncacheable Memory Firmware and 10 more | 2024-11-21 | N/A |
| Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2019-10876 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2024-11-21 | N/A |
| An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected. | ||||
| CVE-2019-10768 | 2 Angularjs, Redhat | 4 Angular.js, Amq Broker, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
| In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload. | ||||
| CVE-2019-10206 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-11-21 | 6.5 Medium |
| ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. | ||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more | 2024-11-21 | 7.2 High |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | ||||