Product:

Openstack

(Redhat)
Date Id Summary Products Score Patch Annotated
2022-02-18 CVE-2016-2124 A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_tus, Enterprise_linux_workstation, Gluster_storage, Openstack, Virtualization_host, Samba 5.9
2022-02-18 CVE-2020-25717 A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Ubuntu_linux, Debian_linux, Fedora, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_resilient_storage, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_server_update_services_for_sap_solutions, Enterprise_linux_tus, Enterprise_linux_workstation, Gluster_storage, Openstack, Virtualization, Virtualization_host, Samba 8.1
2020-01-31 CVE-2015-6815 The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. Eos, Ubuntu_linux, Fedora, Suse_linux_enterprise_debuginfo, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Suse_linux_enterprise_software_development_kit, Qemu, Enterprise_linux, Openstack, Xen 3.5
2023-05-12 CVE-2023-2088 A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. Openstack 6.5
2022-12-21 CVE-2022-38065 A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges. Openstack 8.8
2017-03-15 CVE-2016-7103 Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Debian_linux, Fedora, Jquery_ui, Junos, Snapcenter, Application_express, Business_intelligence, Hospitality_cruise_fleet_management, Oss_support_tools, Primavera_unifier, Siebel_ui_framework, Weblogic_server, Openstack 6.1
2021-03-18 CVE-2020-27827 A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. Fedora, Lldpd, Openvswitch, Enterprise_linux, Openshift_container_platform, Openstack, Virtualization, Simatic_hmi_unified_comfort_panels_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Sinumerik_one_firmware, Tim_1531_irc_firmware 7.5
2023-03-23 CVE-2022-3101 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. Tripleo_ansible, Openstack, Openstack_for_ibm_power 5.5
2023-03-23 CVE-2022-3146 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. Tripleo_ansible, Openstack, Openstack_for_ibm_power 5.5
2023-03-06 CVE-2022-4134 A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. Glance, Openstack 2.8