Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatOpenstack

8 matches found

CVE
CVEadded 2022/02/18 6:15 p.m.838 views

CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

8.5CVSS8.1AI score0.00154EPSS
CVE
CVEadded 2022/02/18 6:15 p.m.618 views

CVE-2016-2124

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

5.9CVSS7.2AI score0.00604EPSS
CVE
CVEadded 2022/03/04 7:15 p.m.321 views

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malici...

8.8CVSS8.6AI score0.00057EPSS
CVE
CVEadded 2022/02/18 6:15 p.m.228 views

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service co...

6.5CVSS6.6AI score0.00038EPSS
CVE
CVEadded 2022/03/03 7:15 p.m.206 views

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

5.5CVSS5.3AI score0.00228EPSS
CVE
CVEadded 2022/03/23 8:15 p.m.124 views

CVE-2021-4180

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive infor...

4.3CVSS4AI score0.001EPSS
CVE
CVEadded 2022/12/21 11:14 p.m.75 views

CVE-2022-38065

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.

8.8CVSS8.8AI score0.00077EPSS
CVE
CVEadded 2022/07/22 3:15 p.m.56 views

CVE-2022-1655

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integri...

6.5CVSS6.4AI score0.00137EPSS