Skip to main content

Openstack Platform

25 CVEs product

Monthly

CVE-2024-8007 HIGH This Week

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Openstack Platform
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-7319 PyPI MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-5625 HIGH PATCH This Week

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Red Hat Python Denial Of Service Openshift Container Platform For Arm64 Openshift Container Platform For Linuxone +3
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1636 PyPI MEDIUM This Month

A vulnerability was found in OpenStack Barbican containers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Barbican Openstack Platform
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-1633 PyPI MEDIUM This Month

A credentials leak flaw was found in OpenStack Barbican. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Barbican Openstack Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1625 PyPI MEDIUM POC PATCH This Month

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Heat Openstack Platform
NVD GitHub
CVSS 3.1
5.0
EPSS
0.7%
CVE-2023-1108 Maven HIGH PATCH This Week

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Decision Manager Fuse Integration Camel K +12
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-3637 PyPI MEDIUM This Month

An uncontrolled resource consumption flaw was found in openstack-neutron. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openstack Platform
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-3354 HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Openstack Platform Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-1668 HIGH PATCH This Week

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Vswitch Debian Linux Openshift Container Platform Openstack Platform +2
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2022-23451 PyPI HIGH PATCH This Week

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican Openstack Platform
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-2447 MEDIUM POC This Month

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Keystone Openstack Platform Quay Storage
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-23452 PyPI MEDIUM PATCH This Month

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican Openstack Platform
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2022-2132 HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora Debian Linux Enterprise Linux Fast Datapath +4
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2022-0718 PyPI MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-0866 MEDIUM This Month

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openstack Platform Wildfly
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20267 PyPI HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-20270 PyPI HIGH PATCH This Week

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pygments Openshift Container Platform Openstack Platform Software Collections +3
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-27781 HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-25658 PyPI MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Openstack Platform Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-25743 LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Openstack Platform Enterprise Linux
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-14365 PyPI HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine Ansible Tower Ceph Storage +2
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2020-10731 CRITICAL Act Now

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Openstack Platform
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2017-15114 HIGH PATCH This Week

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Openstack Platform
NVD
CVSS 3.0
8.1
EPSS
0.9%
EPSS 0% CVSS 8.1
HIGH This Week

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Openstack Platform
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Heat Openstack Platform
NVD
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Red Hat Python Denial Of Service +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A vulnerability was found in OpenStack Barbican containers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Barbican Openstack Platform
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A credentials leak flaw was found in OpenStack Barbican. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Barbican Openstack Platform
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

An information leak was discovered in OpenStack heat. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Heat Openstack Platform
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Decision Manager +14
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An uncontrolled resource consumption flaw was found in openstack-neutron. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openstack Platform
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +3
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Vswitch Debian Linux +4
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican +1
NVD
EPSS 1% CVSS 6.6
MEDIUM POC This Month

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Keystone Openstack Platform +2
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Denial Of Service Barbican +1
NVD
EPSS 2% CVSS 8.6
HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora +6
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openstack Platform +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Neutron Openstack Platform
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pygments Openshift Container Platform +5
NVD
EPSS 0% CVSS 7.1
HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage +3
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa +2
NVD GitHub
EPSS 0% CVSS 3.2
LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Ansible Engine +4
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Red Hat Openstack Platform
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Openstack Platform
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy