CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3637 – Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)
https://notcve.org/view.php?id=CVE-2023-3637
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. • https://access.redhat.com/errata/RHSA-2023:4283 https://access.redhat.com/security/cve/CVE-2023-3637 https://bugzilla.redhat.com/show_bug.cgi?id=2222270 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-1625 – Information leak in api
https://notcve.org/view.php?id=CVE-2023-1625
An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. Se descubrió una fuga de información en OpenStack Heat. Este problema podría permitir que un atacante remoto y autenticado utilice el comando 'stack show' para revelar parámetros que se supone deben permanecer ocultos. • https://access.redhat.com/security/cve/CVE-2023-1625 https://bugzilla.redhat.com/show_bug.cgi?id=2181621 https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb https://launchpad.net/bugs/1999665 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 8.2EPSS: 0%CPEs: 16EXPL: 0CVE-2023-1668 – openvswitch: ip proto 0 triggers incorrect handling
https://notcve.org/view.php?id=CVE-2023-1668
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. • https://bugzilla.redhat.com/show_bug.cgi?id=2137666 https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ https://security.gentoo.org/glsa/202311-16 https://www.debian.org/security/2023/dsa-5387 https://www.openwall.com/lists/oss-security/2023/04/06/1 https://access.redhat.com/security/cve/CVE-2023-1668 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 2.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4134
https://notcve.org/view.php?id=CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. • https://bugs.launchpad.net/glance/+bug/1990157 https://bugzilla.redhat.com/show_bug.cgi?id=2147462 https://wiki.openstack.org/wiki/OSSN/OSSN-0090 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3277 – openstack-neutron: unrestricted creation of security groups
https://notcve.org/view.php?id=CVE-2022-3277
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. • https://bugs.launchpad.net/neutron/+bug/1988026 https://bugzilla.redhat.com/show_bug.cgi?id=2129193 https://access.redhat.com/security/cve/CVE-2022-3277 • CWE-400: Uncontrolled Resource Consumption •