Attacker Value
Unknown

CVE-2014-0148

Disclosure Date: September 29, 2022 (last updated February 24, 2025)
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could use this flaw to crash the Qemu instance resulting in DoS.
Attacker Value
Unknown

CVE-2014-0147

Disclosure Date: September 29, 2022 (last updated February 24, 2025)
Qemu before 1.6.2 block drivers for the various disk image formats used by Bochs and for the QCOW version 2 format are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling the update_refcount() routine.
Attacker Value
Unknown

CVE-2014-0144

Disclosure Date: September 29, 2022 (last updated February 24, 2025)
QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.
Attacker Value
Unknown

CVE-2022-23451

Disclosure Date: September 06, 2022 (last updated February 24, 2025)
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Attacker Value
Unknown

CVE-2022-2447

Disclosure Date: September 01, 2022 (last updated February 24, 2025)
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Attacker Value
Unknown

CVE-2022-23452

Disclosure Date: September 01, 2022 (last updated February 24, 2025)
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Attacker Value
Unknown

CVE-2022-2132

Disclosure Date: August 31, 2022 (last updated February 24, 2025)
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Attacker Value
Unknown

CVE-2022-0718

Disclosure Date: August 29, 2022 (last updated February 24, 2025)
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
Attacker Value
Unknown

CVE-2021-3563

Disclosure Date: August 26, 2022 (last updated February 24, 2025)
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
Attacker Value
Unknown

CVE-2021-3979

Disclosure Date: August 25, 2022 (last updated February 24, 2025)
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non-random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.