Red Hat OpenStack vulnerabilities

209 known vulnerabilities affecting redhat/openstack.

Total CVEs: 209
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 63, MEDIUM 112, LOW 11

Vulnerabilities

Page 4 of 11
CVE-2019-10193 | HIGH | CVSS 7.2 | CWE-121 | v9, v10, +2 more | 2019-07-11
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
nvd
CVE-2019-10192 | HIGH | CVSS 7.2 | CWE-122 | v9, v10, +2 more | 2019-07-11
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
nvd
CVE-2019-3895 | HIGH | CVSS 8.0 | CWE-284 | v12 | 2019-06-03
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compr
nvd
CVE-2019-0223 | HIGH | CVSS 7.4 | v13, v14 | 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack cou
nvd
CVE-2019-10876 | MEDIUM | CVSS 6.5 | v13, v14 | 2019-04-05
An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) fire
nvd
CVE-2019-3830 | HIGH | CVSS 7.8 | CWE-532 | v10 | 2019-03-26
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
nvd
CVE-2018-16856 | HIGH | CVSS 7.5 | CWE-532 | v12, v13, +1 more | 2019-03-26
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.
nvd
CVE-2019-9735 | MEDIUM | CVSS 6.5 | CWE-755 | v10, v13, +1 more | 2019-03-13
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security gr
nvd
CVE-2018-16876 | MEDIUM | CVSS 5.3 | CWE-200 | v14 | 2019-01-03
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data.
nvd
CVE-2016-2121 | MEDIUM | CVSS 5.5 | CWE-732 | v10 | 2018-10-31
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
nvd
CVE-2018-18438 | MEDIUM | CVSS 5.5 | CWE-190 | v8, v9, +3 more | 2018-10-19
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
nvd
CVE-2018-17963 | CRITICAL | CVSS 9.8 | CWE-190 | v10, v13, +1 more | 2018-10-09
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
nvd
CVE-2018-1000807 | HIGH | CVSS 8.1 | CWE-416 | v13 | 2018-10-08
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution. This attack appears to be exploitable via Depends on the calling application and if it retains a referen
nvd
CVE-2018-1000808 | MEDIUM | CVSS 5.9 | CWE-404 | v13 | 2018-10-08
Python Cryptographic Authority pyopenssl version before 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upon calling application, however it could be as s
nvd
CVE-2018-17205 | HIGH | CVSS 7.5 | CWE-617 | v10, v13 | 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows tha
nvd
CVE-2018-17204 | MEDIUM | CVSS 4.3 | CWE-617 | v10, v13 | 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. Thi
nvd
CVE-2018-17206 | MEDIUM | CVSS 4.9 | CWE-125 | v10, v13 | 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
nvd
CVE-2018-14620 | CRITICAL | CVSS 9.8 | CWE-494 | v12, v13 | 2018-09-10
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat O
nvd
CVE-2018-14635 | MEDIUM | CVSS 6.5 | CWE-20 | v10, v12, +1 more | 2018-09-10
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of opensta
nvd
CVE-2017-15139 | HIGH | CVSS 7.5 | CWE-200 | v10, v13 | 2018-08-27
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
nvd