Lucene search

Openstack Platform Security Vulnerabilities - 2020

cve

CVE-2020-10731

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

9.9CVSS

9.1AI Score

0.001EPSS

2020-07-31 01:15 PM

cve

CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw l...

7.1CVSS

6.9AI Score

0.0004EPSS

2020-09-23 01:15 PM

164

cve

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

7.5CVSS

5.7AI Score

0.002EPSS

2020-11-12 02:15 PM

116

cve

CVE-2020-25743

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

3.2CVSS

4.8AI Score

0.0004EPSS

2020-10-06 03:15 PM

cve

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface dri...

7.1CVSS

6.8AI Score

0.0004EPSS

2020-12-18 09:15 PM

216