| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-10193 |
787 |
|
Overflow |
2019-07-11 |
2021-10-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. |
|
2 |
CVE-2019-10192 |
787 |
|
Overflow |
2019-07-11 |
2021-10-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. |
|
3 |
CVE-2018-1000115 |
400 |
|
DoS |
2018-03-05 |
2021-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. |
|
4 |
CVE-2018-18438 |
190 |
|
Overflow |
2018-10-19 |
2021-08-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. |
|
5 |
CVE-2018-11806 |
787 |
|
Overflow |
2018-06-13 |
2021-08-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. |
|
6 |
CVE-2018-3639 |
203 |
|
Bypass |
2018-05-22 |
2021-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. |
|
7 |
CVE-2018-1059 |
200 |
|
+Info |
2018-04-24 |
2021-08-04 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. |
|
8 |
CVE-2017-18191 |
|
|
DoS |
2018-02-19 |
2019-10-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. |
|
9 |
CVE-2017-10664 |
|
|
DoS |
2017-08-02 |
2021-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. |
|
10 |
CVE-2017-9214 |
191 |
|
|
2017-05-23 |
2021-08-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. |
|
11 |
CVE-2017-8379 |
772 |
|
DoS |
2017-05-23 |
2021-08-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. |
|
12 |
CVE-2017-8309 |
772 |
|
DoS |
2017-05-23 |
2021-08-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. |
|
13 |
CVE-2017-7980 |
119 |
|
DoS Exec Code Overflow |
2017-07-25 |
2021-08-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. |
|
14 |
CVE-2017-7543 |
362 |
|
|
2018-07-26 |
2023-02-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. |
|
15 |
CVE-2017-7539 |
617 |
|
DoS |
2018-07-26 |
2023-02-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. |
|
16 |
CVE-2017-5973 |
835 |
|
DoS |
2017-03-27 |
2021-08-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. |
|
17 |
CVE-2017-2673 |
863 |
|
|
2018-07-19 |
2023-02-12 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. |
|
18 |
CVE-2017-2637 |
306 |
|
|
2018-07-26 |
2023-02-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loopback interface addresses, or in some cases possibly addresses that have been exposed beyond the management interface, could use this to open a virsh session to the libvirtd instance and gain control of virtual machine instances or possibly take over the host. |
|
19 |
CVE-2017-2621 |
552 |
|
|
2018-07-27 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. |
|
20 |
CVE-2017-2620 |
125 |
|
Exec Code |
2018-07-27 |
2021-08-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. |
|
21 |
CVE-2017-2615 |
787 |
|
Exec Code |
2018-07-03 |
2023-02-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. |
|
22 |
CVE-2016-9921 |
369 |
|
|
2016-12-23 |
2023-02-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. |
|
23 |
CVE-2016-9911 |
772 |
|
|
2016-12-23 |
2023-02-13 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. |
|
24 |
CVE-2016-9907 |
772 |
|
|
2016-12-23 |
2023-02-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host. |
|
25 |
CVE-2016-9603 |
119 |
|
Exec Code Overflow |
2018-07-27 |
2021-08-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. |
|
26 |
CVE-2016-9590 |
200 |
|
+Info |
2018-04-26 |
2021-08-04 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. |
|
27 |
CVE-2016-8910 |
835 |
|
DoS |
2016-11-04 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count. |
|
28 |
CVE-2016-8909 |
835 |
|
DoS |
2016-11-04 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position. |
|
29 |
CVE-2016-8669 |
369 |
|
DoS |
2016-11-04 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base. |
|
30 |
CVE-2016-8576 |
770 |
|
DoS |
2016-11-04 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process. |
|
31 |
CVE-2016-7466 |
772 |
|
DoS |
2016-12-10 |
2023-02-12 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. |
|
32 |
CVE-2016-7422 |
120 |
|
DoS |
2016-12-10 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value. |
|
33 |
CVE-2016-7103 |
79 |
|
XSS |
2017-03-15 |
2022-11-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. |
|
34 |
CVE-2016-6888 |
190 |
|
DoS Overflow |
2016-12-10 |
2021-08-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference. |
|
35 |
CVE-2016-6662 |
264 |
|
Exec Code Bypass |
2016-09-20 |
2021-08-04 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15. |
|
36 |
CVE-2016-6519 |
79 |
|
XSS |
2017-04-21 |
2021-08-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. |
|
37 |
CVE-2016-5403 |
400 |
|
DoS |
2016-08-02 |
2021-08-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. |
|
38 |
CVE-2016-5126 |
787 |
|
DoS Exec Code Overflow |
2016-06-01 |
2023-02-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. |
|
39 |
CVE-2016-4020 |
|
|
+Info |
2016-05-25 |
2023-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR). |
|
40 |
CVE-2016-2857 |
119 |
|
DoS Overflow |
2016-04-12 |
2023-02-12 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. |
