CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3261 – Plain-text passwords saved in /var/log/messages
https://notcve.org/view.php?id=CVE-2022-3261
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. Se encontró una falla en OpenStack. Varios componentes muestran contraseñas de texto sin formato en /var/log/messages durante la ejecución de la actualización de OpenStack overcloud, lo que genera un problema de divulgación de información sensible. • https://access.redhat.com/security/cve/CVE-2022-3261 https://bugzilla.redhat.com/show_bug.cgi?id=2128834 • CWE-256: Plaintext Storage of a Password CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3637 – Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)
https://notcve.org/view.php?id=CVE-2023-3637
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. • https://access.redhat.com/errata/RHSA-2023:4283 https://access.redhat.com/security/cve/CVE-2023-3637 https://bugzilla.redhat.com/show_bug.cgi?id=2222270 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-3354 – Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2023-3354
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3354 https://bugzilla.redhat.com/show_bug.cgi?id=2216478 https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2088 – openstack-cinder: silently access other user's volumes
https://notcve.org/view.php?id=CVE-2023-2088
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. • https://bugs.launchpad.net/bugs/2004555 https://security.openstack.org/ossa/OSSA-2023-003.html https://access.redhat.com/security/cve/CVE-2023-2088 https://bugzilla.redhat.com/show_bug.cgi?id=2179587 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-440: Expected Behavior Violation •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-1625 – Information leak in api
https://notcve.org/view.php?id=CVE-2023-1625
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. Se descubrió una fuga de información en OpenStack Heat. Este problema podría permitir que un atacante remoto y autenticado utilice el comando 'stack show' para revelar parámetros que se supone deben permanecer ocultos. • https://access.redhat.com/security/cve/CVE-2023-1625 https://bugzilla.redhat.com/show_bug.cgi?id=2181621 https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb https://launchpad.net/bugs/1999665 • CWE-202: Exposure of Sensitive Information Through Data Queries •