Product:

Openstack

(Redhat)
Date Id Summary Products Score Patch Annotated
2022-12-21 CVE-2022-38065 A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. Openstack 8.8
2023-01-18 CVE-2022-3100 A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. Barbican, Openstack, Openstack_for_ibm_power, Openstack_platform 5.9
2023-03-06 CVE-2022-4134 A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. Glance, Openstack 2.8
2023-03-23 CVE-2022-3101 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. Tripleo_ansible, Openstack, Openstack_for_ibm_power 5.5
2023-03-23 CVE-2022-3146 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. Tripleo_ansible, Openstack, Openstack_for_ibm_power 5.5
2023-05-12 CVE-2023-2088 A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. Openstack 6.5
2018-03-09 CVE-2018-7536 An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. Ubuntu_linux, Debian_linux, Django, Openstack 5.3
2018-10-08 CVE-2018-1000807 Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. Ubuntu_linux, Pyopenssl, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Openstack 8.1
2013-07-31 CVE-2013-2882 Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Debian_linux, Chrome, Node\.js, Openstack N/A
2014-11-01 CVE-2014-3615 The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization N/A