Redhat Openstack_platform
39 CVEs affecting Redhat Openstack_platform. Latest disclosed: 2024-11-07. Critical: 1, High: 16.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-10731 | Critical | 9.9 | 2020-07-31 | A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, a… |
| CVE-2022-2132 | High | 8.6 | 2022-08-31 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vho… |
| CVE-2023-1668 | High | 8.2 | 2023-04-10 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP hea… |
| CVE-2024-8007 | High | 8.1 | 2024-08-21 | A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy… |
| CVE-2022-23451 | High | 8.1 | 2022-09-06 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or d… |
| CVE-2017-15114 | High | 8.1 | 2017-11-27 | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2022-3596 | High | 7.5 | 2023-09-20 | An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2023-3354 | High | 7.5 | 2023-07-11 | A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a cer… |
| CVE-2021-20270 | High | 7.5 | 2021-03-23 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source… |
| CVE-2020-25658 | High | 7.5 | 2020-11-12 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the c… |
| CVE-2023-1625 | High | 7.4 | 2023-09-24 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal paramet… |
| CVE-2021-3563 | High | 7.4 | 2022-08-26 | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity w… |
| CVE-2021-20267 | High | 7.1 | 2021-05-28 | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance conne… |
| CVE-2020-27781 | High | 7.1 | 2020-12-18 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manil… |
| CVE-2020-14365 | High | 7.1 | 2020-09-23 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf mo… |
| CVE-2023-1633 | Medium | 6.6 | 2023-09-24 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sens… |
| CVE-2022-2447 | Medium | 6.6 | 2022-09-01 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from… |
| CVE-2022-3277 | Medium | 6.5 | 2023-03-06 | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for a… |