CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3830 – openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files
https://notcve.org/view.php?id=CVE-2019-3830
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. Se ha detectado una vulnerabilidad en ceilometer, en versiones anteriores a la 12.0.0.0rc1. Una exposición de información en ceilometer-agent imprime los datos sensibles de configuración en archivos de registro sin que esté activado el registro de DEBUG. A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. • https://access.redhat.com/errata/RHSA-2019:0919 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3830 https://access.redhat.com/security/cve/CVE-2019-3830 https://bugzilla.redhat.com/show_bug.cgi?id=1677389 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 1CVE-2019-9735 – openstack-neutron: incorrect validation of port settings in iptables security group driver
https://notcve.org/view.php?id=CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.) Se ha detectado un fallo en el módulo de firewall iptables en OpenStack Neutron en versiones anteriores a la 10.0.8, en las 11.x anteriores a la 11.0.7, en las 12.x anteriores a la 12.0.6 y en las 13.x anteriores a la 13.0.3. Al establecer un puerto de destino en una regla de grupo de seguridad, junto con un protocolo que no soporta dicha opción (p.ej., VRRP), un usuario autenticado podría bloquear la mayor aplicación de esas reglas de grupo de seguridad para instancias desde cualquier project/tenant en los hosts de computación a los cuales se aplican. • http://www.openwall.com/lists/oss-security/2019/03/18/2 http://www.securityfocus.com/bid/107390 https://access.redhat.com/errata/RHSA-2019:0879 https://access.redhat.com/errata/RHSA-2019:0916 https://access.redhat.com/errata/RHSA-2019:0935 https://launchpad.net/bugs/1818385 https://seclists.org/bugtraq/2019/Mar/24 https://security.openstack.org/ossa/OSSA-2019-001.html https://usn.ubuntu.com/4036-1 https://www.debian.org/security/2019/dsa-4409 https://a • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 0CVE-2018-16876 – ansible: Information disclosure in vvv+ mode with no_log on
https://notcve.org/view.php?id=CVE-2018-16876
ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data. ansible en versiones anteriores a las 2.5.14, 2.6.11 y 2.7.5 es vulnerable a un fallo de divulgación de información en el modo vvv+ con "no_log" habilitado, el cual podría provocar el filtrado de datos sensibles. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html http://www.securityfocus.com/bid/106225 https://access.redhat.com/errata/RHSA-2018:3835 https://access.redhat.com/errata/RHSA-2018:3836 https://access.redhat.com/errata/RHSA-2018:3837 https://access.redhat.com/errata/RHSA-2018:3838 https://access.redhat.com/errata& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16849
https://notcve.org/view.php?id=CVE-2018-16849
A flaw was found in openstack-mistral. By manipulating the SSH private key filename, the std.ssh action can be used to disclose the presence of arbitrary files within the filesystem of the executor running the action. Since std.ssh private_key_filename can take an absolute path, it can be used to assess whether or not a file exists on the executor's filesystem. Se ha encontrado un error en openstack-mistral. Al manipular el nombre de archivo de la clave privada SSH, la acción std.ssh puede emplearse para revelar la presencia de archivos arbitrarios en el sistema de archivos del ejecutor que lleva a cabo la acción. • https://bugs.launchpad.net/mistral/+bug/1783708 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16849 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18438
https://notcve.org/view.php?id=CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. Qemu tiene desbordamientos de enteros debido a que IOReadHandler y sus funciones asociadas emplean un tipo de datos de enteros firmados para un valor tamaño. • http://www.openwall.com/lists/oss-security/2018/10/17/3 http://www.securityfocus.com/bid/105953 https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html • CWE-190: Integer Overflow or Wraparound •