CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Openstack » 6.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-10664 DoS 2017-08-02 2021-08-04
5.0
None Remote Low Not required None None Partial
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
2 CVE-2017-9214 191 2017-05-23 2021-08-04
7.5
None Remote Low Not required Partial Partial Partial
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
3 CVE-2017-8379 772 DoS 2017-05-23 2021-08-04
4.9
None Local Low Not required None None Complete
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.
4 CVE-2017-8309 772 DoS 2017-05-23 2021-08-04
7.8
None Remote Low Not required None None Complete
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
5 CVE-2017-7980 119 DoS Exec Code Overflow 2017-07-25 2021-08-04
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
6 CVE-2017-7539 20 DoS 2018-07-26 2021-08-04
5.0
None Remote Low Not required None None Partial
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service.
7 CVE-2017-5973 835 DoS 2017-03-27 2021-08-04
2.1
None Local Low Not required None None Partial
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
8 CVE-2017-2620 125 Exec Code 2018-07-27 2021-08-04
9.0
None Remote Low ??? Complete Complete Complete
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
9 CVE-2017-2615 125 Exec Code 2018-07-03 2021-08-04
9.0
None Remote Low ??? Complete Complete Complete
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
10 CVE-2016-9921 369 2016-12-23 2021-08-04
2.1
None Local Low Not required None None Partial
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
11 CVE-2016-9911 772 2016-12-23 2021-08-04
4.9
None Local Low Not required None None Complete
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
12 CVE-2016-9907 772 2016-12-23 2021-08-04
4.9
None Local Low Not required None None Complete
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
13 CVE-2016-9603 119 Exec Code Overflow 2018-07-27 2021-08-04
9.0
None Remote Low ??? Complete Complete Complete
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
14 CVE-2016-8910 835 DoS 2016-11-04 2021-08-04
2.1
None Local Low Not required None None Partial
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
15 CVE-2016-8909 835 DoS 2016-11-04 2021-08-04
2.1
None Local Low Not required None None Partial
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
16 CVE-2016-8669 369 DoS 2016-11-04 2021-08-04
2.1
None Local Low Not required None None Partial
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
17 CVE-2016-8576 770 DoS 2016-11-04 2021-08-04
2.1
None Local Low Not required None None Partial
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
18 CVE-2016-7466 772 DoS 2016-12-10 2021-08-04
1.9
None Local Medium Not required None None Partial
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
19 CVE-2016-7422 120 DoS 2016-12-10 2021-08-04
2.1
None Local Low Not required None None Partial
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
20 CVE-2016-6888 190 DoS Overflow 2016-12-10 2021-08-04
2.1
None Local Low Not required None None Partial
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
21 CVE-2016-6662 264 Exec Code Bypass 2016-09-20 2021-08-04
10.0
None Remote Low Not required Complete Complete Complete
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
22 CVE-2016-5403 400 DoS 2016-08-02 2021-08-04
4.9
None Local Low Not required None None Complete
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
23 CVE-2016-5126 787 DoS Exec Code Overflow 2016-06-01 2021-08-04
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
24 CVE-2016-4428 79 XSS 2016-07-12 2021-08-04
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
25 CVE-2016-4020 +Info 2016-05-25 2021-08-04
2.1
None Local Low Not required Partial None None
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
26 CVE-2016-3710 119 Exec Code Overflow 2016-05-11 2021-08-04
7.2
None Local Low Not required Complete Complete Complete
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
27 CVE-2016-2857 119 DoS Overflow 2016-04-12 2021-08-04
3.6
None Local Low Not required Partial None Partial
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
28 CVE-2016-1568 416 DoS Exec Code 2016-04-12 2020-10-15
6.9
None Local Medium Not required Complete Complete Complete
Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command.
29 CVE-2015-6815 835 DoS 2020-01-31 2021-11-30
2.7
None Local Network Low ??? None None Partial
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
30 CVE-2015-5225 119 DoS Exec Code Overflow Mem. Corr. 2015-11-06 2017-11-04
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface.
31 CVE-2015-5165 908 2015-08-12 2022-02-11
9.3
None Remote Medium Not required Complete Complete Complete
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
32 CVE-2015-3456 119 DoS Exec Code Overflow 2015-05-13 2021-11-17
7.7
None Local Network Low ??? Complete Complete Complete
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
33 CVE-2015-3214 119 Exec Code Overflow 2015-08-31 2022-02-20
6.9
None Local Medium Not required Complete Complete Complete
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
34 CVE-2015-0271 200 +Info 2015-03-10 2015-10-05
4.0
None Remote Low ??? Partial None None
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
35 CVE-2014-5009 77 Exec Code 2017-03-31 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
36 CVE-2014-5008 77 Exec Code 2017-03-31 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
Snoopy allows remote attackers to execute arbitrary commands.
37 CVE-2012-6685 776 2020-02-19 2020-02-25
5.0
None Remote Low Not required Partial None None
Nokogiri before 1.5.4 is vulnerable to XXE attacks
38 CVE-2008-7313 77 Exec Code 2017-03-31 2017-04-04
7.5
None Remote Low Not required Partial Partial Partial
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.
Total number of vulnerabilities : 38   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.