
Tag: #red_hat

CVE-2019-15656: Security Advisories | Trustwave

D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.

CVE-2020-1739: svn module leaks password when specified as a parameter

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior: when a password is set with the "password" argument of the svn module, it is passed on the svn command line, disclosing it to other users on the same node. An attacker could take advantage of this by reading the cmdline file for that particular PID in procfs.

CVE-2020-1733: insecure temporary directory when running become_user from become directive

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module as the become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage of this to gain control of the become user, since the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.

RHBA-2020:0769: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13 bug fix and enhancement advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. Changes to the openstack-octavia-ui component:
* This enhancement adds new features and usability enhancements to the Octavia Horizon dashboard. (BZ#1698467)
Related CVEs:
* CVE-2019-14818: dpdk: possible memory leak leads to denial of service

CVE-2020-1692: users' web service tokens exposed to users in the same course

Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

RHBA-2020:0390: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3.1 packages update

Red Hat OpenShift Container Platform release 4.3.1 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.3.1. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2020:0391 All OpenShift Container Platform 4.3 users are advised to upgrade to these updated packages and images.
Related CVEs:
* CVE-2019-17596: golang: invalid public key causes panic in dsa.Verify
* CVE-2020-7039: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu()
* CVE-2020-7211: QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host

CVE-2014-0234: Red Hat Customer Portal - Access to 24x7 support and knowledge

The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.

RHEA-2020:0283: Red Hat Enhancement Advisory: Red Hat OpenStack Platform 16.0 GA

Updated packages that fix several bugs and add various enhancements are now available for Red Hat OpenStack Platform 16.0 (Train) for RHEL 8.1. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
* CVE-2019-3866: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
* CVE-2019-19687: A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deploymen...

RHEA-2020:0283: Red Hat Enhancement Advisory: Red Hat OpenStack Platform 16.0 GA

Updated packages that fix several bugs and add various enhancements are now available for Red Hat OpenStack Platform 16.0 (Train) for RHEL 8.1. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. For additional information about the items in this advisory, see the Technical Notes: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/release_notes/chap-technical_notes.
Related CVEs:
* CVE-2019-3866: openstack-mistral: information disclosure in mistral log