Lucene search
K
RedhatOpenstack Platform

39 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5285 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2023/12/18 12:0 a.m.4854 views

CVE-2023-48795

CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...

5.9CVSS6.7AI score0.93305EPSS
CVE
CVE
added 2023/09/14 2:48 p.m.2725 views

CVE-2023-1108

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

7.5CVSS7.3AI score0.01771EPSS
CVE
CVE
added 2022/09/06 5:18 p.m.711 views

CVE-2022-23451

CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...

8.1CVSS7.5AI score0.00971EPSS
CVE
CVE
added 2021/03/23 4:40 p.m.343 views

CVE-2021-20270

CVE-2021-20270 describes an infinite loop in Pygments’ SMLLexer, affecting Pygments 1.5–2.7.3, which can cause DoS during syntax highlighting of StandardML sources (e.g., input containing only the keyword “exception”). Connected advisories confirm affected distributions (e.g., Debian, AlmaLinux, ...

7.5CVSS7.3AI score0.02707EPSS
CVE
CVE
added 2020/12/18 12:0 a.m.283 views

CVE-2020-27781

CVE-2020-27781 affects Ceph and specifically allows privilege escalation via Native CephFS consumers of OpenStack Manila. An OpenStack Manila user can request access to a share for an arbitrary cephx user; the interface drivers reveal the access key, enabling all users in the requesting project t...

7.1CVSS6.8AI score0.0031EPSS
CVE
CVE
added 2022/03/16 2:12 p.m.272 views

CVE-2021-20257

CVE-2021-20257 concerns QEMU’s e1000 NIC emulator. The issue is an infinite loop in process_tx_desc when tx descriptor fields are invalid, allowing a guest to exhaust host CPU and cause DoS. Connected advisories confirm this affects QEMU and related builds (e.g., Debian LTS, Red Hat/AL2, Astra Li...

6.5CVSS6.7AI score0.00358EPSS
CVE
CVE
added 2023/07/11 4:16 p.m.227 views

CVE-2023-3354

CVE-2023-3354 affects the QEMU built-in VNC server. The issue arises from improper I/O watch removal during TLS handshake, which can lead to a NULL pointer dereference when a previously-handshake connection is cleaned up during new connections. This allows a remote unauthenticated attacker to cau...

7.5CVSS7.4AI score0.01592EPSS
CVE
CVE
added 2020/09/23 12:25 p.m.217 views

CVE-2020-14365

CVE-2020-14365 affects the Ansible Engine (ansible-engine 2.8.x before 2.8.15; 2.9.x before 2.9.13). When using the dnf module, GPG signatures are ignored during installation if disable_gpg_check is False, allowing potentially malicious packages to be installed and their installation scripts to e...

7.1CVSS6.9AI score0.00233EPSS
CVE
CVE
added 2022/03/02 12:0 a.m.216 views

CVE-2021-3654

The CVE-2021-3654 issue affects openstack-nova’s console proxy, noVNC, where crafting a malicious URL can trigger an open redirect to an attacker-controlled site. This could enable users to be redirected to a malicious page, potentially exposing sensitive information or enabling further actions. ...

6.1CVSS6.1AI score0.26792EPSS
CVE
CVE
added 2022/08/31 3:32 p.m.206 views

CVE-2022-2132

CVE-2022-2132 is a DoS vulnerability in DPDK caused by a permissive input validation that allows a remote attacker to trigger a denial of service by sending a crafted Vhost header. The issue affects the DPDK component handling Vhost descriptors, where processing of the Vhost header can exhaust mb...

8.6CVSS8AI score0.01708EPSS
CVE
CVE
added 2022/08/29 2:3 p.m.197 views

CVE-2022-0718

The CVE-2022-0718 issue affects python-oslo.utils/oslo.utils where improper parsing causes passwords containing a double quote to be masked incorrectly in debug logs, exposing the portion after the quote. Impact is credential disclosure of sensitive data in logs (confidentiality impact stated by ...

4.9CVSS4.8AI score0.01335EPSS
CVE
CVE
added 2020/11/12 1:48 p.m.193 views

CVE-2020-25658

CVE-2020-25658 involves the Python-RSA library and a Bleichenbacher timing attack on the RSA decryption API. An attacker could decrypt parts of ciphertext encrypted with RSA, impacting confidentiality. Connected advisories confirm the vulnerability and provide remediation guidance. IBM/Red Hat an...

7.5CVSS5.7AI score0.01631EPSS
CVE
CVE
added 2023/11/01 1:28 p.m.183 views

CVE-2023-5625

CVE-2023-5625 describes a patch regression in Red Hat builds of python-eventlet where the CVE-2021-21419 fix was not applied across all builds/products. Connected sources confirm the issue affects python-eventlet and note a related memory-exhaustion risk via large or highly compressed websocket f...

7.5CVSS5.7AI score0.01807EPSS
CVE
CVE
added 2022/08/25 12:0 a.m.176 views

CVE-2021-3979

CVE-2021-3979 concerns a key length flaw in Ceph Storage (Red Hat Ceph Storage). The attacker could exploit incorrect key length handling to produce non-random keys, potentially weakening confidentiality and integrity of encrypted disks. The connected advisories confirm this vulnerability within ...

6.5CVSS6.4AI score0.00436EPSS
CVE
CVE
added 2023/04/10 12:0 a.m.171 views

CVE-2023-1668

CVE-2023-1668 — Open vSwitch (OVS) has a flaw where, when processing an IP packet with protocol 0, OVS installs a datapath flow whose action does not modify the IP header. This can cause a datapath rule matching all IP protocols (nw_proto wildcarded) to have an incorrect action, risking improper ...

8.2CVSS7.7AI score0.01216EPSS
CVE
CVE
added 2022/08/17 12:0 a.m.164 views

CVE-2020-14394

CVE-2020-14394 is an issue in QEMU where the USB xHCI controller emulation can enter an infinite loop while computing the length of the TRB Ring, allowing a privileged guest to hang the host QEMU process (DoS). Affected component: QEMU’s USB xHCI controller emulation; root cause: incorrect handli...

3.2CVSS5.2AI score0.00363EPSS
CVE
CVE
added 2022/05/10 8:20 p.m.157 views

CVE-2022-0866

CVE-2022-0866 describes a concurrency issue in the EJB session context for RunAs-enabled components (EJBComponent) in JBoss/WildFly Elytron. The incomingRunAsIdentity field, currently a SecurityIdentity, can be concurrently accessed, causing getCallerPrincipal and isCallerInRole to return the wro...

5.3CVSS5.3AI score0.00824EPSS
CVE
CVE
added 2024/03/15 12:38 p.m.148 views

CVE-2023-6725

CVE-2023-6725 affects Red Hat OpenStack Platform 17.1 components tripleo-ansible and openstack-tripleo-heat-templates, with a root cause of bind keys being world readable. This could expose private configuration data (e.g., BIND keys) to an attacker with access to the host/container. Remediation ...

5.5CVSS6.2AI score0.00203EPSS
CVE
CVE
added 2020/10/06 2:15 p.m.140 views

CVE-2020-25743

Summary of CVE-2020-25743 (QEMU): The vulnerability occurs in the IDE PCI driver path. Specifically, hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check prior to an ide_cancel_dma_sync call. This is a local, potential crash/Denial of Service s...

3.2CVSS4.8AI score0.00476EPSS
CVE
CVE
added 2023/01/18 12:0 a.m.133 views

CVE-2022-3100

The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...

5.9CVSS5.4AI score0.00433EPSS
CVE
CVE
added 2022/09/01 8:57 p.m.131 views

CVE-2022-23452

CVE-2022-23452 affects openstack-barbican. The flaw is an authorization issue where any admin can add secrets to another project’s container, enabling network-accessed resource consumption and potential DoS. The NVD CVSSv3.1 base score is 4.9 (MEDIUM) with Network attack, low complexity, and high...

4.9CVSS5AI score0.00981EPSS
CVE
CVE
added 2023/09/20 7:6 p.m.124 views

CVE-2022-3596

CVE-2022-3596 affects OpenStack Platform’s undercloud (instack-undercloud) and is caused by an information disclosure where the rsync daemon can leak data to the undercloud. This unauthenticated, remote-access flaw may allow attackers to inspect sensitive data, including administrator credentials...

7.5CVSS7.3AI score0.01107EPSS
CVE
CVE
added 2021/05/28 6:46 p.m.122 views

CVE-2021-20267

CVE-2021-20267 affects OpenStack Neutron when using the Open vSwitch driver. The flaw resides in Neutron’s default Open vSwitch firewall rules, allowing an attacker who controls a server instance connected to the virtual switch to impersonate other IPv6 addresses, potentially causing denial of se...

7.1CVSS7.2AI score0.01015EPSS
CVE
CVE
added 2021/06/02 2:18 p.m.120 views

CVE-2019-12067

CVE-2019-12067 affects QEMU’s AHCI emulation: the ahci_commit_buf function in ide/ahci.c can dereference a NULL ad->cur_cmd, causing a denial of service (host QEMU process denial). Public docs (NVD entry) confirm the vulnerability and impact (availability) with local access required; EulerOS/N...

6.5CVSS6.6AI score0.00307EPSS
CVE
CVE
added 2024/08/21 1:40 p.m.116 views

CVE-2024-8007

CVE-2024-8007 affects the Red Hat OpenStack Platform (RHOSP) 17.1.x Director component, specifically the openstack-tripleo-common module used by the director. The vulnerability arises from disabling TLS certificate verification for registry mirrors, which can allow an attacker to deploy potential...

8.1CVSS7.9AI score0.00392EPSS
CVE
CVE
added 2022/08/26 3:25 p.m.112 views

CVE-2021-3563

CVE-2021-3563 affects OpenStack Keystone. The issue stems from keystone only validating the first 72 characters of an application secret, enabling bypass of some password complexity checks and affecting confidentiality and integrity. The vulnerability is listed across multiple advisories (e.g., D...

7.4CVSS7.2AI score0.01319EPSS
CVE
CVE
added 2020/07/31 12:38 p.m.110 views

CVE-2020-10731

Summary: CVE-2020-10731 affects the nova_libvirt container in Red Hat OpenStack Platform 16, where SELinux is not enabled, which disables sVirt isolation for running VMs. The issue is described across multiple sources as eliminating sVirt protection due to disabled SELinux. Public technical detai...

9.9CVSS9.1AI score0.00889EPSS
CVE
CVE
added 2023/03/06 12:0 a.m.107 views

CVE-2022-3277

CVE-2022-3277 affects OpenStack Neutron; an uncontrolled resource consumption flaw allows a remote authenticated user to query security groups for an invalid project, creating resources unconstrained by quotas and potentially causing a denial of service. The issue is tied to the OpenStack Neutron...

6.5CVSS6AI score0.01056EPSS
CVE
CVE
added 2022/09/01 8:30 p.m.105 views

CVE-2022-2447

CVE-2022-2447 affects OpenStack Keystone. A time lag (up to one hour) between policy revocation and actual revocation could let a remote administrator maintain access longer than expected. Related advisories (e.g., Ubuntu USN-7926-1) reference this CVE and indicate that updates are available; app...

6.6CVSS6.4AI score0.00585EPSS
CVE
CVE
added 2021/06/07 7:41 p.m.104 views

CVE-2020-1690

openstack-selinux contains an improper authorization flaw in its applied policy that allows a non-root user in a container to escalate privileges by interacting with dbus, potentially starting/stopping services and causing denial of service. Affected are versions before openstack-selinux 0.8.24. ...

6.5CVSS6.4AI score0.00221EPSS
CVE
CVE
added 2023/07/25 12:47 p.m.104 views

CVE-2023-3637

Summary: CVE-2023-3637 affects OpenStack Networking (neutron) within Red Hat OpenStack Platform. The flaw is an uncontrolled resource consumption vulnerability where a remote authenticated user can query a list of security groups for an invalid project, causing resources to be created and not con...

6.5CVSS5.1AI score0.00969EPSS
CVE
CVE
added 2023/09/24 12:8 a.m.98 views

CVE-2023-1625

CVE-2023-1625 affects OpenStack Heat. A disclosed information leak allows a remote, authenticated attacker to use the stack show command to reveal otherwise hidden parameters. Impact is described as low for confidentiality and low for other aspects, with exploitation tied to OpenStack Heat behavi...

7.4CVSS5.8AI score0.00709EPSS
CVE
CVE
added 2024/11/07 10:0 a.m.94 views

CVE-2023-1932

CVE-2023-1932 involves a vulnerability in Hibernate Validator’s SafeHtmlValidator.isValid method. The flaw can be bypassed by omitting a tag ending in a less-than character, allowing browsers to render invalid HTML and potentially enabling HTML injection or Cross-Site Scripting (XSS). The entry s...

6.1CVSS6.1AI score0.00452EPSS
CVE
CVE
added 2023/09/24 12:9 a.m.82 views

CVE-2023-1633

CVE-2023-1633 affects OpenStack Barbican. Multiple sources describe a credentials-leak flaw where a local authenticated attacker can read the Barbican configuration file and access sensitive credentials. The issue is tied to insecure configuration file handling and is acknowledged in Red Hat’s RH...

6.6CVSS5.4AI score0.00191EPSS
CVE
CVE
added 2023/09/24 12:9 a.m.80 views

CVE-2023-1636

OpenStack Barbican containers in an all‑in‑one configuration share CGROUP, USER, and NET namespaces with the host and other services, allowing a compromised service to access data transmitted to/from Barbican. The CVE-2023-1636 entry describes an information‑disclosure risk due to incomplete cont...

6CVSS5.4AI score0.0048EPSS
CVE
CVE
added 2017/11/27 4:0 p.m.77 views

CVE-2017-15114

Technical details are not publicly available in the provided connected documents. The CVE description is repeated across sources without specifics on affected products, versions, or fixes. Monitor for updates from vendor advisories.

9.3CVSS8.4AI score0.01506EPSS
CVE
CVE
added 2024/08/02 8:36 p.m.67 views

CVE-2024-7319

CVE-2024-7319 arises from an incomplete fix for CVE-2023-1625 in OpenStack Heat. The vulnerability could allow sensitive information to be disclosed via the OpenStack stack abandon command when the hidden feature remains enabled, even if the CVE-2023-1625 fix is applied. The connected documents c...

5CVSS7.5AI score0.00709EPSS
CVE
CVE
added 2023/09/15 8:20 p.m.61 views

CVE-2022-3261

CVE-2022-3261 affects OpenStack; multiple components log plaintext passwords to /var/log/messages during the OpenStack overcloud update, causing disclosure of sensitive information. The available sources describe the issue and its impact but do not specify affected versions, fixes, or mitigations...

7.5CVSS5.2AI score0.00292EPSS