Openstack Platform Security Vulnerabilities and Issues — Openstack Platform CVE List

Lucene search

RedhatOpenstack Platform

5 matches found

CVE•added 2020/12/18 9:15 p.m.•245 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface dri...

7.1CVSS6.8AI score0.00043EPSS

CVE•added 2020/09/23 1:15 p.m.•183 views

CVE-2020-14365

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw l...

7.1CVSS6.9AI score0.0008EPSS

CVE•added 2020/11/12 2:15 p.m.•144 views

CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

7.5CVSS5.7AI score0.00131EPSS

CVE•added 2020/10/06 3:15 p.m.•119 views

CVE-2020-25743

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

3.2CVSS4.8AI score0.00044EPSS

CVE•added 2020/07/31 1:15 p.m.•86 views

CVE-2020-10731

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

9.9CVSS9.1AI score0.00281EPSS