Redhat

Openstack Platform

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.6

CVE-2022-2447

Exploit
  • EPSS 0.63%
  • Veröffentlicht 01.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 07:01:00

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain a...

4.9

CVE-2022-23452

  • EPSS 0.08%
  • Veröffentlicht 01.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:35

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

8.6

CVE-2022-2132

Exploit
  • EPSS 0.69%
  • Veröffentlicht 31.08.2022 16:15:10
  • Zuletzt bearbeitet 21.11.2024 07:00:23

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

4.9

CVE-2022-0718

Exploit
  • EPSS 0.33%
  • Veröffentlicht 29.08.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:15

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

7.4

CVE-2021-3563

Exploit
  • EPSS 0.03%
  • Veröffentlicht 26.08.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:51

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to da...

6.5

CVE-2021-3979

  • EPSS 0.3%
  • Veröffentlicht 25.08.2022 20:15:09
  • Zuletzt bearbeitet 21.11.2024 06:23:17

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality an...

3.2

CVE-2020-14394

Exploit
  • EPSS 0.02%
  • Veröffentlicht 17.08.2022 21:15:07
  • Zuletzt bearbeitet 21.11.2024 05:03:10

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of ...

5.3

CVE-2022-0866

  • EPSS 0.15%
  • Veröffentlicht 10.05.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:39:33

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRu...

6.5

CVE-2021-20257

  • EPSS 0.04%
  • Veröffentlicht 16.03.2022 15:15:09
  • Zuletzt bearbeitet 21.11.2024 05:46:13

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to cons...

6.1

CVE-2021-3654

Exploit
  • EPSS 89.55%
  • Veröffentlicht 02.03.2022 23:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:04

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.