CVE-2019-14433 – openstack-nova: Nova server resource faults leak external exception details
https://notcve.org/view.php?id=CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. Se detectó un problema en OpenStack Nova en versiones anteriores a 17.0.12, versiones 18.x anteriores a 18.2.2, y versiones 19.x anteriores a 19.0.2. Si una petición de la API de un usuario autenticado termina en una condición de fallo debido a una excepción externa, los detalles del entorno subyacente puede ser filtrados en la respuesta, y podrían incluir una configuración confidencial u otros datos. A vulnerability was found in the Nova Compute resource fault handling. • http://www.openwall.com/lists/oss-security/2019/08/06/6 https://access.redhat.com/errata/RHSA-2019:2622 https://access.redhat.com/errata/RHSA-2019:2631 https://access.redhat.com/errata/RHSA-2019:2652 https://launchpad.net/bugs/1837877 https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html https://security.openstack.org/ossa/OSSA-2019-003.html https://usn.ubuntu.com/4104-1 https://access.redhat.com/security/cve/CVE-2019-14433 https://bugzilla.redhat. • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2019-10192 – redis: Heap buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4 de Redis. Por la corrupción cuidadosa de un hyperloglog usando el comando SETRANGE, un atacante podría engañar la interpretación de Redis de codificación HLL densa para escribir hasta 3 bytes más allá del final de un búfer asignado a la pila. A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2506 https://access.redhat.com/errata/RHSA-2019:2508 https://access.redhat.com/errata/RHSA-2019:2621 https://access.redhat.com/errata/RHSA-2019:2630 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192 https://raw.githubusercontent.com/antir • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-10193 – redis: Stack buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10193
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure de Redis en las versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4. Por la corrupción de un hiperloglog usando el comando SETRANGE, un atacante podría causar que Redis realizara incrementos controlados de hasta 12 bytes más allá del final de un búfer asignado a la pila. A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:2002 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193 https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES https://seclists.org/bugtraq/2019/Jul/19 https://security.gentoo.org/glsa/201908-0 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-10141 – openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
https://notcve.org/view.php?id=CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. • https://access.redhat.com/errata/RHSA-2019:2505 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141 https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-9735 – openstack-neutron: incorrect validation of port settings in iptables security group driver
https://notcve.org/view.php?id=CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.) Se ha detectado un fallo en el módulo de firewall iptables en OpenStack Neutron en versiones anteriores a la 10.0.8, en las 11.x anteriores a la 11.0.7, en las 12.x anteriores a la 12.0.6 y en las 13.x anteriores a la 13.0.3. Al establecer un puerto de destino en una regla de grupo de seguridad, junto con un protocolo que no soporta dicha opción (p.ej., VRRP), un usuario autenticado podría bloquear la mayor aplicación de esas reglas de grupo de seguridad para instancias desde cualquier project/tenant en los hosts de computación a los cuales se aplican. • http://www.openwall.com/lists/oss-security/2019/03/18/2 http://www.securityfocus.com/bid/107390 https://access.redhat.com/errata/RHSA-2019:0879 https://access.redhat.com/errata/RHSA-2019:0916 https://access.redhat.com/errata/RHSA-2019:0935 https://launchpad.net/bugs/1818385 https://seclists.org/bugtraq/2019/Mar/24 https://security.openstack.org/ossa/OSSA-2019-001.html https://usn.ubuntu.com/4036-1 https://www.debian.org/security/2019/dsa-4409 https://a • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •