Filtered by vendor Redhat Subscriptions
Filtered by product Openstack-optools Subscriptions
Total 14 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-3637 1 Redhat 3 Openstack, Openstack-optools, Openstack Platform 2024-09-16 4.3 Medium
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
CVE-2015-8213 2 Djangoproject, Redhat 3 Django, Openstack, Openstack-optools 2024-08-06 N/A
The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY.
CVE-2015-8080 4 Debian, Opensuse, Redhat and 1 more 6 Debian Linux, Leap, Opensuse and 3 more 2024-08-06 7.5 High
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVE-2016-6186 3 Debian, Djangoproject, Redhat 4 Debian Linux, Django, Openstack and 1 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
CVE-2016-2512 2 Djangoproject, Redhat 3 Django, Openstack, Openstack-optools 2024-08-05 N/A
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
CVE-2016-2513 2 Djangoproject, Redhat 3 Django, Openstack, Openstack-optools 2024-08-05 N/A
The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests.
CVE-2017-16820 2 Collectd, Redhat 5 Collectd, Enterprise Linux, Openstack-optools and 2 more 2024-08-05 N/A
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
CVE-2017-10906 2 Fluentd, Redhat 3 Fluentd, Openstack, Openstack-optools 2024-08-05 N/A
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
CVE-2017-7401 2 Collectd, Redhat 5 Collectd, Enterprise Linux, Openstack-optools and 2 more 2024-08-05 N/A
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
CVE-2018-1000060 2 Redhat, Sensu 2 Openstack-optools, Sensu Core 2024-08-05 N/A
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b.
CVE-2019-10192 5 Canonical, Debian, Oracle and 2 more 12 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 9 more 2024-08-04 7.2 High
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVE-2019-0223 2 Apache, Redhat 17 Qpid, A Mq Clients, Cloudforms Managementengine and 14 more 2024-08-04 7.4 High
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
CVE-2020-13482 3 Em-http-request Project, Fedoraproject, Redhat 3 Em-http-request, Fedora, Openstack-optools 2024-08-04 7.4 High
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
CVE-2023-3223 1 Redhat 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more 2024-08-02 7.5 High
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.