Total
204 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9590 | 2 Openstack, Redhat | 2 Puppet-swift, Openstack | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. | |||||
| CVE-2017-18191 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2018-2668 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-10855 | 3 Canonical, Debian, Redhat | 6 Ubuntu Linux, Debian Linux, Ansible Engine and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | |||||
| CVE-2018-1000115 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. | |||||
| CVE-2018-2640 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2819 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-10892 | 4 Docker, Mobyproject, Opensuse and 1 more | 6 Docker, Moby, Leap and 3 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness. | |||||
| CVE-2018-2622 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-1000127 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. | |||||
| CVE-2016-9587 | 2 Ansible, Redhat | 3 Ansible, Ansible, Openstack | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
| Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | |||||
| CVE-2018-2755 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 3.7 LOW | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-2665 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 4 Ubuntu Linux, Debian Linux, Django and 1 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | |||||
| CVE-2018-2761 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-2615 | 5 Citrix, Debian, Qemu and 2 more | 10 Xenserver, Debian Linux, Qemu and 7 more | 2024-02-04 | 9.0 HIGH | 9.1 CRITICAL |
| Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | |||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||||
| CVE-2018-2771 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 3.5 LOW | 4.4 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2781 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||