CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-20191 – ansible: multiple modules expose secured values
https://notcve.org/view.php?id=CVE-2021-20191
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1916813 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html https://access.redhat.com/security/cve/CVE-2021-20191 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14340 – xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
https://notcve.org/view.php?id=CVE-2020-14340
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Se detectó una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolección de basura. Puede permitir al atacante causar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1860218 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-14340 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-1780
https://notcve.org/view.php?id=CVE-2015-1780
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center Los usuarios de oVirt con permisos MANIPULATE_STORAGE_DOMAIN pueden adjuntar un dominio de almacenamiento en cualquier centro de datos. • https://access.redhat.com/security/cve/cve-2015-1780 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1780 • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 2CVE-2019-14859 – python-ecdsa: DER encoding is not being verified in signatures
https://notcve.org/view.php?id=CVE-2019-14859
A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. Se encontró un fallo en todas las versiones de python-ecdsa anteriores a la versión 0.13.3, donde no se comprobaba correctamente si las firmas usaban codificación DER. Sin esta comprobación, se podría aceptar una firma malformada, haciendo que la firma sea maleable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14859 https://github.com/warner/python-ecdsa/issues/114 https://github.com/warner/python-ecdsa/releases/tag/python-ecdsa-0.13.3 https://pypi.org/project/ecdsa/0.13.3 https://access.redhat.com/security/cve/CVE-2019-14859 https://bugzilla.redhat.com/show_bug.cgi?id=1760843 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2014-8167
https://notcve.org/view.php?id=CVE-2014-8167
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack vdsm y vdsclient no comprueban la certificación del nombre de host desde otro vdsm, lo que podría facilitar un ataque de tipo man-in-the-middle. • https://access.redhat.com/security/cve/cve-2014-8167 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8167 • CWE-295: Improper Certificate Validation •