VYPR

Openstack

by Red Hat

Source repositories

CVEs (107)

  • CVE-2015-3209Jun 15, 2015
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • CVE-2013-6393Feb 6, 2014
    risk 0.01cvss epss 0.09

    The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a…

  • CVE-2023-1932Nov 7, 2024
    risk 0.00cvss epss 0.00

    A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML…

  • CVE-2023-6725Mar 15, 2024
    risk 0.00cvss epss 0.00

    An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive…

  • CVE-2023-5625Nov 1, 2023
    risk 0.00cvss epss 0.01

    A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

  • CVE-2023-5366Oct 6, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect…

  • CVE-2023-3153Oct 4, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.

  • CVE-2023-1633Sep 24, 2023
    risk 0.00cvss epss 0.00

    A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

  • CVE-2023-1636Sep 24, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any…

  • CVE-2022-3596Sep 20, 2023
    risk 0.00cvss epss 0.01

    An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access…

  • CVE-2022-3261Sep 15, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

  • CVE-2023-3637Jul 25, 2023
    risk 0.00cvss epss 0.01

    An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to…

  • CVE-2022-1655Jul 22, 2022
    risk 0.00cvss epss 0.00

    An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of…

  • CVE-2021-31918May 6, 2021
    risk 0.00cvss epss 0.01

    A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.

  • CVE-2020-10755Jun 10, 2020
    risk 0.00cvss epss 0.01

    An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with…

  • CVE-2015-5225Nov 6, 2015
    risk 0.00cvss epss 0.01

    Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related…

  • CVE-2015-3214Aug 31, 2015
    risk 0.00cvss epss 0.02

    The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

  • CVE-2015-1842Apr 10, 2015
    risk 0.00cvss epss 0.05

    The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

  • CVE-2015-0271Mar 10, 2015
    risk 0.00cvss epss 0.02

    The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.

  • CVE-2014-3691Mar 9, 2015
    risk 0.00cvss epss 0.02

    Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

Page 4 of 6