Vulnerabilities > Redhat > Openstack > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000127 Improper Locking vulnerability in multiple products
memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list.
network
low complexity
memcached debian canonical redhat CWE-667
7.5
2018-03-05 CVE-2018-1000115 Resource Exhaustion vulnerability in multiple products
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources).
network
low complexity
memcached canonical debian redhat CWE-400
7.5
2018-02-19 CVE-2017-18191 An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1.
network
low complexity
openstack redhat
7.5
2018-01-18 CVE-2018-2562 Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition).
network
low complexity
oracle mariadb debian canonical netapp redhat
7.1
2017-08-02 CVE-2017-10664 qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
network
low complexity
qemu debian redhat
7.5
2017-07-25 CVE-2017-7980 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
local
low complexity
qemu canonical debian redhat CWE-119
7.8
2017-05-23 CVE-2017-8309 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.
network
low complexity
qemu debian redhat CWE-772
7.5
2016-07-12 CVE-2016-4985 Information Exposure vulnerability in multiple products
The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource.
network
low complexity
redhat canonical CWE-200
7.5
2016-06-30 CVE-2016-4474 7PK - Security Features vulnerability in Redhat Openstack 7.0/8
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
low complexity
redhat CWE-254
8.8
2016-06-01 CVE-2016-5126 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.
local
low complexity
qemu canonical oracle debian redhat CWE-787
7.8