Product: Openstack_platform (Redhat)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 37
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-17 | CVE-2020-14394 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | Extra_packages_for_enterprise_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform | 3.2 | | |
| 2022-08-25 | CVE-2021-3979 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | Fedora, Ceph_storage, Ceph_storage_for_ibm_z_systems, Ceph_storage_for_power, Openshift_container_storage, Openshift_data_foundation, Openstack_platform | 6.5 | | |
| 2022-08-26 | CVE-2021-3563 | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | Debian_linux, Keystone, Openstack_platform | 7.4 | | |
| 2022-08-29 | CVE-2022-0718 | A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | Debian_linux, Oslo.utils, Openshift_container_platform, Openstack_platform | 4.9 | | |
| 2022-08-31 | CVE-2022-2132 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | Debian_linux, Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization | 8.6 | | |
| 2022-09-01 | CVE-2022-23452 | An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. | Barbican, Openstack_platform | 4.9 | | |
| 2022-09-01 | CVE-2022-2447 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. | Keystone, Openstack_platform, Quay, Storage | 6.6 | | |
| 2022-09-06 | CVE-2022-23451 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. | Barbican, Openstack_platform | 8.1 | | |
| 2023-01-18 | CVE-2022-3100 | A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | Barbican, Openstack, Openstack_for_ibm_power, Openstack_platform | 5.9 | | |
| 2023-04-10 | CVE-2023-1668 | A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | Open_vswitch, Debian_linux, Fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization | 8.2 | | |