Redhat

Openstack

214 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-1655

  • EPSS 0.14%
  • Published 22.07.2022 15:15:08
  • Last modified 21.11.2024 06:41:11

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly...

4.3

CVE-2021-4180

  • EPSS 0.12%
  • Published 23.03.2022 20:15:10
  • Last modified 21.11.2024 06:37:04

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in con...

8.8

CVE-2021-3656

  • EPSS 0.06%
  • Published 04.03.2022 19:15:08
  • Last modified 21.11.2024 06:22:05

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the ...

5.5

CVE-2021-3620

  • EPSS 0.2%
  • Published 03.03.2022 19:15:08
  • Last modified 21.11.2024 06:22:00

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.

6.5

CVE-2021-3930

  • EPSS 0.04%
  • Published 18.02.2022 18:15:09
  • Last modified 21.11.2024 06:22:47

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentiall...

5.9

CVE-2016-2124

  • EPSS 0.79%
  • Published 18.02.2022 18:15:08
  • Last modified 21.11.2024 02:47:52

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.

8.5

CVE-2020-25717

  • EPSS 0.2%
  • Published 18.02.2022 18:15:08
  • Last modified 21.11.2024 05:18:33

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

7.5

CVE-2021-31918

  • EPSS 0.29%
  • Published 06.05.2021 17:15:08
  • Last modified 21.11.2024 06:06:30

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.

7.5

CVE-2020-27827

  • EPSS 0.42%
  • Published 18.03.2021 17:15:13
  • Last modified 21.11.2024 05:21:53

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerabilit...

6.6

CVE-2020-14355

  • EPSS 1.63%
  • Published 07.10.2020 15:15:12
  • Last modified 21.11.2024 05:03:04

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...