CVE-2019-3895

MEDIUM Year: 2019
CVSS v3 Score
5.5
Medium
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

Related Vulnerabilities

CVE-2013-7460

MEDIUM
CVSS:5.5(Medium)

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part o...

CWE-2842013

CVE-2013-7461

MEDIUM
CVSS:5.5(Medium)

A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write ...

CWE-2842013

CVE-2014-9798

MEDIUM
CVSS:5.5(Medium)

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attac...

CWE-2842014

CVE-2015-1976

MEDIUM
CVSS:5.5(Medium)

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.

CWE-2842015

CVE-2015-3840

MEDIUM
CVSS:5.5(Medium)

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" ...

CWE-2842015

CVE-2015-7895

MEDIUM
CVSS:5.5(Medium)

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

CWE-2842015