CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/05/13 10:16 p.m.•11 views

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

5.5CVSS6.3AI score0.00015EPSS

CVE•added 2024/05/13 10:16 p.m.•55 views

CVE-2024-4840

CVE-2024-4840 affects OpenStack Platform (RHOSP) director components, where plaintext passwords can be stored in log files if logging is enabled. The vulnerability is linked to the RHOSP 17.1.4 security update (RHSA-2024:9978) and related heat-templates components, which provides the patch to add...

5.5CVSS6.1AI score0.00015EPSS

Positive Technologies•added 2024/05/13 12:0 a.m.•3 views

PT-2024-33096 · Red Hat · Openstack Platform Director

Name of the Vulnerable Software and Affected Versions: OpenStack Platform RHOSP director affected versions not specified Description: A flaw in the OpenStack Platform director allows plaintext passwords to be stored in log files. This can expose sensitive information to anyone with access to the...

5.5CVSS6.4AI score0.00015EPSS

Tenable Nessus•added 2024/05/11 12:0 a.m.•23 views

RHEL 6 : openstack-neutron (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-neutron: MAC source address spoofing vulnerability CVE-2016-5363 - The IPTables firewall in...

8.5AI score0.0631EPSS

Exploits0References2

Tenable Nessus•added 2024/05/11 12:0 a.m.•25 views

RHEL 6 : openstack-glance (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...

7.6AI score0.00535EPSS

Exploits0References2

Tenable Nessus•added 2024/05/11 12:0 a.m.•18 views

RHEL 6 : openstack-heat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-heat: Template source URL allows network port scan CVE-2016-9185 Note that Nessus has not tested for this...

4.8AI score0.00527EPSS

Exploits0References1

NVD•added 2024/05/08 9:15 a.m.•30 views

CVE-2024-4436

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS8AI score0.00059EPSS

NVD•added 2024/05/08 9:15 a.m.•40 views

CVE-2024-4438

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

7.5CVSS8.2AI score0.00064EPSS

NVD•added 2024/05/08 9:15 a.m.•22 views

CVE-2024-4437

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

7.5CVSS7.8AI score0.00059EPSS

UbuntuCve•added 2024/05/08 9:15 a.m.•35 views

CVE-2024-4436

7.5CVSS7.1AI score0.00264EPSS

UbuntuCve•added 2024/05/08 9:15 a.m.•22 views

CVE-2024-4438

7.5CVSS7.1AI score0.00064EPSS

UbuntuCve•added 2024/05/08 9:15 a.m.•38 views

CVE-2024-4437

7.5CVSS7AI score0.00059EPSS

Cvelist•added 2024/05/08 8:59 a.m.•42 views

CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

7.5CVSS7.4AI score0.00064EPSS

Vulnrichment•added 2024/05/08 8:59 a.m.•63 views

CVE-2024-4438 Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

7.5CVSS8.6AI score0.00064EPSS

CVE•added 2024/05/08 8:59 a.m.•174 views

CVE-2024-4438

Technical details about CVE-2024-4438 are not provided in the supplied documents. The entry only states an incomplete fix related to CVE-2023-39325/CVE-2023-44487 in etcd within Red Hat OpenStack; no affected products, versions, or fixes are specified. Monitor for updates.

7.5CVSS7.6AI score0.00064EPSS

CVE•added 2024/05/08 8:57 a.m.•143 views

CVE-2024-4437

CVE-2024-4437 concerns the etcd package in the Red Hat OpenStack Platform with an incomplete fix for CVE-2021-44716. The root cause, as stated, is that the etcd package uses http://golang.org/x/net/http2 instead of the Red Hat Enterprise Linux-provided version, requiring a compile-time update rat...

7.5CVSS7.6AI score0.00059EPSS

Cvelist•added 2024/05/08 8:57 a.m.•40 views

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

7.5CVSS8AI score0.00059EPSS

Vulnrichment•added 2024/05/08 8:57 a.m.•33 views

CVE-2024-4437 Etcd: incomplete fix for cve-2021-44716 in openstack platform

7.5CVSS7.1AI score0.00059EPSS

CVE•added 2024/05/08 8:57 a.m.•142 views

CVE-2024-4436

The CVE-2024-4436 entry notes an incomplete fix for CVE-2022-41723 in the Red Hat OpenStack platform’s etcd package. The underlying issue is that the etcd package uses http://golang.org/x/net/http2 instead of the Red Hat Enterprise Linux-provided http2, meaning the fix should be applied at compil...

7.5CVSS6.6AI score0.00059EPSS