Redhat Openstack vulnerabilities
209 known vulnerabilities affecting redhat/openstack.
Total CVEs: 209
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 63, MEDIUM 112, LOW 11
Vulnerabilities
Page 8 of 11
CVE-2016-6519 | MEDIUM | CVSS 5.4 | CWE-79 | v7.0, v8, +1 more | 2017-04-21
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
Source: nvd
CVE-2014-5009 | CRITICAL | CVSS 9.8 | v5.0, v6.0 | 2017-03-31
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
Source: nvd
CVE-2014-5008 | CRITICAL | CVSS 9.8 | CWE-77 | v5.0, v6.0 | 2017-03-31
Snoopy allows remote attackers to execute arbitrary commands.
Source: nvd
CVE-2008-7313 | CRITICAL | CVSS 9.8 | v5.0, v6.0 | 2017-03-31
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796.
Source: nvd
CVE-2017-5973 | MEDIUM | CVSS 5.5 | CWE-835 | v6.0, v7.0, +4 more | 2017-03-27
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
Source: nvd
CVE-2016-7103 | MEDIUM | CVSS 6.1 | CWE-79 | v7.0, v8, +1 more | 2017-03-15
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Source: nvd
CVE-2016-9907 | MEDIUM | CVSS 6.5 | CWE-772 | v6.0, v7.0, +4 more | 2016-12-23
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Source: nvd
CVE-2016-9911 | MEDIUM | CVSS 6.5 | CWE-772 | v6.0, v7.0, +4 more | 2016-12-23
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Source: nvd
CVE-2016-9921 | MEDIUM | CVSS 6.5 | CWE-369 | v6.0, v7.0, +4 more | 2016-12-23
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside the guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
Source: nvd
CVE-2016-7422 | MEDIUM | CVSS 6.0 | CWE-120 | v6.0, v7.0, +4 more | 2016-12-10
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
Source: nvd
CVE-2016-6888 | MEDIUM | CVSS 4.4 | CWE-190 | v6.0, v7.0, +4 more | 2016-12-10
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
Source: nvd
CVE-2016-7466 | MEDIUM | CVSS 6.0 | CWE-772 | v6.0, v7.0, +4 more | 2016-12-10
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
Source: nvd
CVE-2016-8909 | MEDIUM | CVSS 6.0 | CWE-835 | v6.0, v7.0, +4 more | 2016-11-04
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
Source: nvd
CVE-2016-8669 | MEDIUM | CVSS 6.0 | CWE-369 | v6.0, v7.0, +4 more | 2016-11-04
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
Source: nvd
CVE-2016-8910 | MEDIUM | CVSS 6.0 | CWE-835 | v6.0, v7.0, +4 more | 2016-11-04
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
Source: nvd
CVE-2016-8576 | MEDIUM | CVSS 6.0 | CWE-770 | v6.0, v7.0, +4 more | 2016-11-04
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
Source: nvd
CVE-2016-6662 | CRITICAL | CVSS 9.8 | PoC | CWE-264 | v5.0, v6.0, +3 more | 2016-09-20
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting genera
Source: nvd
CVE-2016-5403 | MEDIUM | CVSS 5.5 | CWE-400 | v5.0, v6.0, +3 more | 2016-08-02
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
Source: nvd
CVE-2016-4985 | HIGH | CVSS 7.5 | CWE-200 | v7.0, v8 | 2016-07-12
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
Source: nvd
CVE-2016-4428 | MEDIUM | CVSS 5.4 | CWE-79 | v6.0, v7.0, +2 more | 2016-07-12
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
Source: nvd