Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
703 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-14042 | 2 Getbootstrap, Redhat | 6 Bootstrap, Enterprise Linux, Jboss Enterprise Application Platform and 3 more | 2024-08-05 | N/A |
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | ||||
CVE-2018-12326 | 2 Redhat, Redislabs | 3 Openstack, Rhel Software Collections, Redis | 2024-08-05 | N/A |
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. | ||||
CVE-2018-12126 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more | 2024-08-05 | N/A |
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
CVE-2018-12130 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more | 2024-08-05 | N/A |
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
CVE-2018-12127 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more | 2024-08-05 | N/A |
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
CVE-2018-11806 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2024-08-05 | 8.2 High |
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | ||||
CVE-2018-11219 | 4 Debian, Oracle, Redhat and 1 more | 5 Debian Linux, Communications Operations Monitor, Openstack and 2 more | 2024-08-05 | N/A |
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | ||||
CVE-2018-11218 | 4 Debian, Oracle, Redhat and 1 more | 5 Debian Linux, Communications Operations Monitor, Openstack and 2 more | 2024-08-05 | N/A |
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | ||||
CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 12 Ubuntu Linux, Debian Linux, Postgresql and 9 more | 2024-08-05 | N/A |
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | ||||
CVE-2018-10903 | 3 Canonical, Cryptography, Redhat | 3 Ubuntu Linux, Python-cryptography, Openstack | 2024-08-05 | N/A |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. | ||||
CVE-2018-10899 | 2 Jolokia, Redhat | 4 Jolokia, Jboss Amq, Jboss Fuse and 1 more | 2024-08-05 | N/A |
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | ||||
CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 7 Docker, Moby, Leap and 4 more | 2024-08-05 | 5.3 Medium |
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | ||||
CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-08-05 | N/A |
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | ||||
CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 12 Ubuntu Linux, Debian Linux, Ansible Engine and 9 more | 2024-08-05 | 7.8 High |
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | ||||
CVE-2018-10855 | 3 Canonical, Debian, Redhat | 8 Ubuntu Linux, Debian Linux, Ansible Engine and 5 more | 2024-08-05 | 5.9 Medium |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | ||||
CVE-2018-10874 | 1 Redhat | 5 Ansible Engine, Enterprise Linux, Openstack and 2 more | 2024-08-05 | N/A |
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | ||||
CVE-2018-10237 | 3 Google, Oracle, Redhat | 21 Guava, Banking Payments, Communications Ip Service Activator and 18 more | 2024-08-05 | 5.9 Medium |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | ||||
CVE-2018-7858 | 4 Canonical, Opensuse, Qemu and 1 more | 11 Ubuntu Linux, Leap, Qemu and 8 more | 2024-08-05 | 5.5 Medium |
Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. | ||||
CVE-2018-7550 | 4 Canonical, Debian, Qemu and 1 more | 11 Ubuntu Linux, Debian Linux, Qemu and 8 more | 2024-08-05 | 8.8 High |
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | ||||
CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-08-05 | N/A |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. |