CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
210 results
CVE-2023-2088 6.5 MEDIUM EPSS 0.00
OpenStack - Info Disclosure
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
CWE-440 May 12, 2023
CVE-2022-3146 5.5 MEDIUM EPSS 0.00
Openstack Tripleo Ansible - Path Traversal
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.
CWE-22 Mar 23, 2023
CVE-2022-3101 5.5 MEDIUM EPSS 0.00
Openstack Tripleo Ansible - Path Traversal
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.
CWE-22 Mar 23, 2023
CVE-2022-4134 2.8 LOW EPSS 0.00
openstack-glance - Privilege Escalation
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
CWE-829 Mar 06, 2023
CVE-2022-3100 5.9 MEDIUM EPSS 0.00
OpenStack Barbican - Auth Bypass
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CWE-305 Jan 18, 2023
CVE-2022-38065 8.8 HIGH EPSS 0.00
OpenStack <05194e7618 - Privilege Escalation
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.
CWE-269 Dec 21, 2022
CVE-2022-1655 6.5 MEDIUM EPSS 0.00
Redhat Openstack - Incorrect Permission Assignment
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
CWE-732 Jul 22, 2022
CVE-2021-4180 4.3 MEDIUM EPSS 0.00
Openstack Tripleo Heat Templates < 11.6.1 - Information Disclosure
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.
CWE-200 Mar 23, 2022
CVE-2021-3656 8.8 HIGH 1 PoC Analysis EPSS 0.00
Linux Kernel < 4.14.245 - Missing Authorization
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
CWE-862 Mar 04, 2022
CVE-2021-3620 5.5 MEDIUM EPSS 0.00
Redhat Ansible Automation Platform Ea... - Error Information Exposure
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
CWE-209 Mar 03, 2022
CVE-2021-3930 6.5 MEDIUM EPSS 0.00
Qemu < 6.2.0 - Denial of Service
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition.
CWE-193 Feb 18, 2022
CVE-2020-25717 8.1 HIGH EPSS 0.01
Samba < 4.13.14 - Improper Input Validation
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CWE-20 Feb 18, 2022
CVE-2016-2124 5.9 MEDIUM EPSS 0.01
Samba < 4.13.14 - Authentication Bypass
A flaw was found in the way Samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.
CWE-287 Feb 18, 2022
CVE-2021-31918 7.5 HIGH EPSS 0.00
Redhat Openstack - Information Disclosure
A flaw was found in tripleo-ansible as shipped in Red Hat OpenStack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality.
CWE-200 May 06, 2021
CVE-2020-27827 7.5 HIGH EPSS 0.00
Lldpd < 1.0.8 - Denial of Service
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
CWE-400 Mar 18, 2021
CVE-2020-14355 6.6 MEDIUM EPSS 0.01
Spice < 0.14.2 - Buffer Overflow
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.
CWE-120 Oct 07, 2020
CVE-2020-14364 5.0 MEDIUM 2 PoCs Analysis EPSS 0.13
Qemu < 5.2.0 - Out-of-Bounds Write
An out-of-bounds read/write access flaw was found in the USB emulator of QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in and do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.
CWE-125 Aug 31, 2020
CVE-2020-9490 7.5 HIGH EPSS 0.76
Apache HTTP Server < 2.4.46 - HTTP Request Smuggling
In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CWE-444 Aug 07, 2020
CVE-2020-10756 6.5 MEDIUM EPSS 0.00
QEMU <4.3.1 - Info Disclosure
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.
CWE-125 Jul 09, 2020
CVE-2019-14900 6.5 MEDIUM 1 PoC Analysis EPSS 0.02
Redhat Openstack < 5.3.18 - SQL Injection
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Jul 06, 2020