Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat openstack 8 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2017-7539
An assertion-failure flaw was found in Qemu prior to 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation....
Qemu QemuRedhat Openstack 7.0Redhat Openstack 6.0Redhat Virtualization 4.0Redhat Openstack 10Redhat Openstack 9Redhat Openstack 8Redhat Openstack 11Redhat Virtualization 3.0
1.9
CVSSv2
CVE-2016-7466
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
Qemu QemuOpensuse Leap 42.2Redhat Openstack 7.0Redhat Openstack 6.0Redhat Openstack 10Redhat Openstack 9Redhat Openstack 8Redhat Openstack 11Redhat Virtualization 4.0
2.1
CVSSv2
CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
Qemu Qemu -Redhat Enterprise Linux 6.0Redhat Enterprise Linux 7.0Redhat Openstack 9Redhat Openstack 10Redhat Openstack 12Redhat Openstack 13Redhat Openstack 8
7.5
CVSSv2
CVE-2015-5741
The net/http library in net/http/transfer.go in Go prior to 1.4.3 does not properly parse HTTP headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Golang GoRedhat Openstack 7.0Redhat Openstack 8Redhat Enterprise Linux 7.0
2.1
CVSSv2
CVE-2016-9921
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process inst...
Qemu QemuQemu Qemu 2.8.0Debian Debian Linux 8.0Redhat Openstack 7.0Redhat Openstack 6.0Redhat Openstack 10Redhat Openstack 9Redhat Openstack 8Redhat Openstack 11Redhat Virtualization 4.0
2.1
CVSSv2
CVE-2016-8669
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
Qemu QemuOpensuse Leap 42.2Redhat Openstack 7.0Redhat Openstack 6.0Redhat Openstack 10Redhat Openstack 9Redhat Openstack 8Redhat Openstack 11Redhat Virtualization 4.0Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Openvswitch Openvswitch 2.7.0Debian Debian Linux 9.0Redhat Openstack 6.0Redhat Openstack 7.0Redhat Openstack 8Redhat Openstack 9Redhat Openstack 10Redhat Openstack 11Redhat Virtualization 4.1Redhat Virtualization Manager 4.1Redhat Virtualization 4.0
9
CVSSv2
CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support prior to 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process insi...
Qemu QemuRedhat Enterprise Linux Desktop 7.0Citrix Xenserver 7.0Redhat Enterprise Linux Workstation 7.0Citrix Xenserver 7.1Redhat Openstack 5.0Redhat Enterprise Linux Server 7.0Redhat Openstack 7.0Citrix Xenserver 6.0.2Debian Debian Linux 7.0Citrix Xenserver 6.5Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Citrix Xenserver 6.2.0Redhat Enterprise Linux Workstation 6.0Redhat Openstack 6.0Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Eus 7.3Redhat Enterprise Linux Server Eus 7.4Redhat Enterprise Linux Server Eus 7.5Redhat Openstack 10
4.3
CVSSv2
CVE-2020-1758
A flaw was found in Keycloak in versions prior to 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an malicious user to perform a man-in-the-middle (MITM) attack.
Redhat KeycloakRedhat Openstack 10
4.6
CVSSv2
CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and previous versions allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation...
Qemu QemuCanonical Ubuntu Linux 14.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 16.10Canonical Ubuntu Linux 17.04Debian Debian Linux 8.0Redhat Openstack 6.0Redhat Openstack 7.0Redhat Openstack 8Redhat Openstack 10Redhat Openstack 9Redhat Openstack 5.0Redhat Virtualization 3.0Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Aus 7.6Redhat Enterprise Linux Server Eus 7.3Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook