341 Total Results
Displaying 31-40 of 341
Attacker Value
Unknown

CVE-2023-3637

Disclosure Date: July 25, 2023 (last updated February 25, 2025)
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Attacker Value
Unknown

CVE-2023-3354

Disclosure Date: July 11, 2023 (last updated February 25, 2025)
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
Attacker Value
Unknown

CVE-2023-2088

Disclosure Date: May 12, 2023 (last updated February 24, 2025)
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
Attacker Value
Unknown

CVE-2023-1668

Disclosure Date: April 10, 2023 (last updated February 24, 2025)
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. As a result, for both the kernel and userspace datapaths, OVS installs a datapath flow that matches all IP protocols (nw_proto is wildcarded) but carries an incorrect action, possibly causing incorrect handling of other IP packets with a nonzero IP protocol that match this datapath flow.
Attacker Value
Unknown

CVE-2022-3146

Disclosure Date: March 23, 2023 (last updated February 24, 2025)
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
Attacker Value
Unknown

CVE-2022-3101

Disclosure Date: March 23, 2023 (last updated February 24, 2025)
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.
Attacker Value
Unknown

CVE-2022-4134

Disclosure Date: March 06, 2023 (last updated February 24, 2025)
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
Attacker Value
Unknown

CVE-2022-3277

Disclosure Date: March 06, 2023 (last updated February 24, 2025)
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Attacker Value
Unknown

CVE-2022-3100

Disclosure Date: January 18, 2023 (last updated February 24, 2025)
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Attacker Value
Unknown

CVE-2022-38065

Disclosure Date: December 20, 2022 (last updated February 24, 2025)
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.