5 matches found
CVE-2020-9490
CVE-2020-9490 affects Apache HTTP Server versions 2.4.20–2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request could cause a crash when the server subsequently attempts to HTTP/2 PUSH a resource. Mitigation for unpatched servers is to disable HTTP/2 PUSH via H2Push of...
CVE-2019-11281
CVE-2019-11281 affects Pivotal RabbitMQ and RabbitMQ for PCF where two UI components (virtual host limits page and federation management UI) fail to sanitize user input. A remote authenticated administrator could craft a cross-site scripting attack to access virtual hosts and policy management in...
CVE-2022-3100
The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...
CVE-2022-3146
CVE-2022-3146 is described in public advisories as a vulnerability in Red Hat OpenStack Platform (tripleo-ansible) where an insecure default configuration leaves a sensitive file with insufficient permissions. This can allow a local attacker to brute-force the relevant directory and discover the ...
CVE-2022-3101
The CVE-2022-3101 entry affects tripleo-ansible, where an insecure default configuration leaves a sensitive file with insufficient permissions. This enables a local attacker to brute-force the relevant directory to discover the file, leading to disclosure of important OpenStack deployment configu...