CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10898 – openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials
https://notcve.org/view.php?id=CVE-2018-10898
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. Se ha detectado una vulnerabilidad en openstack-tripleo-heat-templates en versiones anteriores a la 8.0.2-40. Al implementarse mediante Director con la configuración por defecto, Opendaylight en RHOSP13 se configura con credenciales por defecto fácilmente adivinables. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. • https://access.redhat.com/errata/RHSA-2018:2214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898 https://access.redhat.com/security/cve/CVE-2018-10898 https://bugzilla.redhat.com/show_bug.cgi?id=1600360 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2017-18191 – openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host
https://notcve.org/view.php?id=CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. Se ha descubierto un problema en OpenStack Nova en versiones 15.x hasta la 15.1.0 y 16.x hasta la 16.1.1. • http://openwall.com/lists/oss-security/2018/04/20/3 http://www.securityfocus.com/bid/103104 https://access.redhat.com/errata/RHSA-2018:2332 https://access.redhat.com/errata/RHSA-2018:2714 https://access.redhat.com/errata/RHSA-2018:2855 https://launchpad.net/bugs/1739593 https://review.openstack.org/539893 https://security.openstack.org/ossa/OSSA-2018-001.html https://access.redhat.com/security/cve/CVE-2017-18191 https://bugzilla.redhat.com/show_bug.cgi?id=1546937 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 95%CPEs: 66EXPL: 0CVE-2017-18017 – kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
https://notcve.org/view.php?id=CVE-2017-18017
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. La función tcpmss_mangle_packet en net/netfilter/xt_TCPMSS.c en el kernel de Linux, en versiones anteriores a la 4.11 y en versiones 4.9.x anteriores a la 4.9.36, permite que atacantes remotos provoquen una denegación de servicio (uso de memoria previamente liberada y corrupción de memoria) o, posiblemente, otro tipo de impacto sin especificar aprovechando la presencia de xt_TCPMSS en una acción iptables. The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2638fd0f92d4397884fd991d8f4925cb3f081901 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html http://lists.opensuse.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2017-7549 – instack-undercloud: uses hardcoded /tmp paths
https://notcve.org/view.php?id=CVE-2017-7549
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. Se ha encontrado un error en la versión 7.2.0 de instack-undercloud tal y como viene incorporado en Red Hat OpenStack Platform Pike; la versión 6.1.0 en Red Hat OpenStack Platform Oacta y la versión 5.3.0 en Red Hat OpenStack Newton, en donde los scripts de preinstalación y políticas de seguridad emplearon archivos temporales no seguros. Un usuario local podría explotar esta vulnerabilidad para llevar a cabo un ataque de enlace simbólico que les permita sobrescribir el contenido de archivos arbitrarios. A flaw was found in instack-undercloud where pre-install and security policy scripts used insecure temporary files. • http://www.securityfocus.com/bid/100407 https://access.redhat.com/errata/RHSA-2017:2557 https://access.redhat.com/errata/RHSA-2017:2649 https://access.redhat.com/errata/RHSA-2017:2687 https://access.redhat.com/errata/RHSA-2017:2693 https://access.redhat.com/errata/RHSA-2017:2726 https://bugzilla.redhat.com/show_bug.cgi?id=1477403 https://access.redhat.com/security/cve/CVE-2017-7549 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12440 – openstack-aodh: Aodh can be used to launder Keystone trusts
https://notcve.org/view.php?id=CVE-2017-12440
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. Aodh, tal y como viene en Openstack Ocata y Newton antes de change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 y antes de Pike-rc1, no verifica que las ID de confianza pertenecen al usuario cuando se crean acciones de alarma con el esquema "trust+http", lo que permite a los usuarios autenticados remotos con conocimiento sobre las ID de confianza en donde Aodh es la entidad de confianza obtener un token Keystone y realizar acciones autenticadas no especificadas añadiendo una acción de alarma con el esquema "trust+http" y proporcionando una ID de confianza en donde Aodh es la entidad de confianza. • http://www.debian.org/security/2017/dsa-3953 http://www.securityfocus.com/bid/100455 https://access.redhat.com/errata/RHSA-2017:3227 https://access.redhat.com/errata/RHSA-2018:0315 https://bugs.launchpad.net/ossn/+bug/1649333 https://review.openstack.org/#/c/493823 https://review.openstack.org/#/c/493824 https://review.openstack.org/#/c/493826 https://access.redhat.com/security/cve/CVE-2017-12440 https://bugzilla.redhat.com/show_bug.cgi?id=1478834 • CWE-306: Missing Authentication for Critical Function CWE-345: Insufficient Verification of Data Authenticity •