CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2017-7539 – Qemu: qemu-nbd crashes due to undefined I/O coroutine
https://notcve.org/view.php?id=CVE-2017-7539
05 Sep 2017 — An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. Se ha detectado un fallo de aserción en Qemu en versiones anteriores a la 2.10.1 en la negociación de conexión inicial de los servid... • http://www.openwall.com/lists/oss-security/2017/07/21/4 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7549 – instack-undercloud: uses hardcoded /tmp paths
https://notcve.org/view.php?id=CVE-2017-7549
30 Aug 2017 — A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. Se ha encontrado un error en la versión 7.2.0 de instack-undercloud tal y como viene incorporado en Red Hat ... • http://www.securityfocus.com/bid/100407 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7543 – openstack-neutron: iptables not active after update
https://notcve.org/view.php?id=CVE-2017-7543
08 Aug 2017 — A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Se ha descubierto una condición de ... • http://www.securityfocus.com/bid/100237 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 5%CPEs: 25EXPL: 0CVE-2017-10664 – Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort
https://notcve.org/view.php?id=CVE-2017-10664
26 Jul 2017 — qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. qemu-nbd en QEMU (Quick Emulator) no ignora la señal SIGPIPE, lo que permite a atacantes remotos provocar una denegación de servicio desconectando el proceso durante un intento de respuesta de servidor a cliente. Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash ... • http://www.debian.org/security/2017/dsa-3920 • CWE-248: Uncaught Exception •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2622 – openstack-mistral: /var/log/mistral/ is world readable
https://notcve.org/view.php?id=CVE-2017-2622
28 Jun 2017 — An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. Se ha encontrado un fallo de accesibilidad en el servicio de OpenStack Workflow (mistral) en el que un directorio de registro de servicio se hacía legible para todos los usuarios de manera incorrecta. Un usuario malicioso del sistema podría explotar esta vulnerabilidad para acceder a info... • https://access.redhat.com/errata/RHSA-2017:1584 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 1CVE-2017-2673 – openstack-keystone: Incorrect role assignment with federated Keystone
https://notcve.org/view.php?id=CVE-2017-2673
14 Jun 2017 — An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. Se ha descubierto un error de comprobación de autorización en las configuraciones de federación del servicio Identity de OpenStack (keystone). Un usuario autenticado federado podría solicitar permisos para un proyecto y, de forma no intencion... • http://seclists.org/oss-sec/2017/q2/125 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 5%CPEs: 12EXPL: 0CVE-2017-9214 – openvswitch: Integer underflow in the ofputil_pull_queue_get_config_reply10 function
https://notcve.org/view.php?id=CVE-2017-9214
23 May 2017 — In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. En Open vSwitch (OvS) versión 2.7.0, mientras analiza un mensaje OFPT_QUEUE_GET_CONFIG_REPLY tipo OFP versión 1.0, se presenta una lectura excesiva búfer causada por un desbordamiento de enteros sin signo en la función “ofputil_pull_queue_get_config_reply10” en l... • https://access.redhat.com/errata/RHSA-2017:2418 • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2621 – openstack-heat: /var/log/heat/ is world readable
https://notcve.org/view.php?id=CVE-2017-2621
18 May 2017 — An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. Se ha encontrado un fallo de control de acceso en OpenStack Orchestration (heat) en versiones anteriores a la 8.0.0, 6.1.0 y 7.0.2, en el que un directorio de registro de servicio se hacía legible para todos los usuarios de manera incorrecta. Un usuario ma... • http://www.securityfocus.com/bid/96280 • CWE-532: Insertion of Sensitive Information into Log File CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-7481 – ansible: Security issue with lookup return not tainting the jinja2 environment
https://notcve.org/view.php?id=CVE-2017-7481
18 May 2017 — Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not evaluated. Ansible en versiones anteriores a la 2.3.1.0 y 2.4.0.0 no marca correctamente los resultados del plugin lookup como no seguros. Si un atacante pudiese c... • http://www.securityfocus.com/bid/98492 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2637 – rhosp-director: libvirtd is deployed with no authentication
https://notcve.org/view.php?id=CVE-2017-2637
18 May 2017 — A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to t... • http://www.securityfocus.com/bid/98576 • CWE-306: Missing Authentication for Critical Function •