Lucene search

RedhatOpenstack16.1

11 matches found

added 2020/08/07 4:15 p.m. | 3102 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for...

CVSS 7.5 | AI score 8.3 | EPSS 0.76163

added 2022/02/18 6:15 p.m. | 836 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

CVSS 8.5 | AI score 8.1 | EPSS 0.00152

added 2022/02/18 6:15 p.m. | 616 views

CVE-2016-2124

A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

CVSS 5.9 | AI score 7.2 | EPSS 0.00681

added 2020/10/07 3:15 p.m. | 398 views

CVE-2020-14355

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messag...

CVSS 6.6 | AI score 7.2 | EPSS 0.0185

added 2022/03/03 7:15 p.m. | 201 views

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

CVSS 5.5 | AI score 5.3 | EPSS 0.00228

added 2022/03/23 8:15 p.m. | 124 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive infor...

CVSS 4.3 | AI score 4 | EPSS 0.00099

added 2023/01/18 5:15 p.m. | 111 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

CVSS 5.9 | AI score 5.4 | EPSS 0.00024

added 2023/03/23 9:15 p.m. | 89 views

CVE-2022-3146

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosur...

CVSS 5.5 | AI score 4.9 | EPSS 0.00012

added 2023/03/23 9:15 p.m. | 83 views

CVE-2022-3101

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of impo...

CVSS 5.5 | AI score 4.9 | EPSS 0.00012

added 2023/03/06 11:15 p.m. | 76 views

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

CVSS 2.8 | AI score 3.6 | EPSS 0.00091

added 2021/05/06 5:15 p.m. | 55 views

CVE-2021-31918

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.

CVSS 7.5 | AI score 7.4 | EPSS 0.00287