Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14859 | 2 Python-ecdsa Project, Redhat | 4 Python-ecdsa, Ceph Storage, Openstack and 1 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable signature to create false transactions. | |||||
| CVE-2019-14864 | 3 Debian, Opensuse, Redhat | 8 Debian Linux, Backports Sle, Leap and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. | |||||
| CVE-2019-19337 | 1 Redhat | 1 Ceph Storage | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server. | |||||