Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34155 | 1 Redhat | 15 Ceph Storage, Cost Management, Cryostat and 12 more | 2024-11-21 | 4.3 Medium |
| Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | ||||
| CVE-2023-41419 | 2 Gevent, Redhat | 7 Gevent, Enterprise Linux, Openstack and 4 more | 2024-11-21 | 9.8 Critical |
| An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | ||||
| CVE-2023-3153 | 2 Ovn, Redhat | 6 Open Virtual Network, Enterprise Linux, Fast Datapath and 3 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | ||||
| CVE-2023-37788 | 2 Goproxy Project, Redhat | 6 Goproxy, Acm, Openshift and 3 more | 2024-11-21 | 7.5 High |
| goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. | ||||
| CVE-2023-24532 | 2 Golang, Redhat | 10 Go, Enterprise Linux, Migration Toolkit Applications and 7 more | 2024-11-21 | 5.3 Medium |
| The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. | ||||
| CVE-2023-1636 | 2 Openstack, Redhat | 3 Barbican, Openstack, Openstack Platform | 2024-11-21 | 6 Medium |
| A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | ||||
| CVE-2023-1633 | 2 Openstack, Redhat | 3 Barbican, Openstack, Openstack Platform | 2024-11-21 | 6.6 Medium |
| A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | ||||
| CVE-2023-1625 | 2 Openstack, Redhat | 3 Heat, Openstack, Openstack Platform | 2024-11-21 | 7.4 High |
| An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | ||||
| CVE-2023-1108 | 2 Netapp, Redhat | 29 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 26 more | 2024-11-21 | 7.5 High |
| A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | ||||
| CVE-2022-3596 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 7.5 High |
| An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. | ||||
| CVE-2022-3276 | 2 Puppet, Redhat | 2 Puppetlabs-mysql, Openstack | 2024-11-21 | 8.4 High |
| Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||
| CVE-2022-3261 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 4.4 Medium |
| A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | ||||
| CVE-2022-37394 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | 3.3 Low |
| An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. | ||||
| CVE-2022-32189 | 2 Golang, Redhat | 13 Go, Ceph Storage, Container Native Virtualization and 10 more | 2024-11-21 | 7.5 High |
| A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | ||||
| CVE-2022-32148 | 2 Golang, Redhat | 19 Go, Acm, Application Interconnect and 16 more | 2024-11-21 | 6.5 Medium |
| Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | ||||
| CVE-2022-30635 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | ||||
| CVE-2022-30632 | 2 Golang, Redhat | 18 Go, Acm, Application Interconnect and 15 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | ||||
| CVE-2022-30630 | 2 Golang, Redhat | 17 Go, Acm, Application Interconnect and 14 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | ||||
| CVE-2022-30629 | 2 Golang, Redhat | 15 Go, Acm, Ceph Storage and 12 more | 2024-11-21 | 3.1 Low |
| Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | ||||
| CVE-2022-30323 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | ||||