CVE-2021-20267
https://notcve.org/view.php?id=CVE-2021-20267
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1934330 https://security.openstack.org/ossa/OSSA-2021-001.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2020-25658 – python-rsa: bleichenbacher timing oracle attack against RSA decryption
https://notcve.org/view.php?id=CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. Se detectó que python-rsa es vulnerable a los ataques de sincronización de tipo Bleichenbacher. Un atacante puede utilizar este fallo por medio de la API de descifrado RSA para descifrar partes del texto cifrado con RSA A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 https://github.com/sybrenstuvel/python-rsa/issues/165 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7 https://access.redhat.com/security/cve/CVE-2020-25 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVE-2020-1690 – openstack-selinux: policy flaw allows dbus messaging
https://notcve.org/view.php?id=CVE-2020-1690
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. Se ha detectado un fallo de autorización inapropiada en la política aplicada de openstack-selinux, que no impide a un usuario no root en un contenedor pueda escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1789640 https://access.redhat.com/security/cve/CVE-2020-1690 • CWE-285: Improper Authorization •
CVE-2020-10731 – openstack-tripleo-heat-templates: No sVirt protection for OSP16 VMs due to disabled SELinux
https://notcve.org/view.php?id=CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. Se encontró un fallo en el contenedor nova_libvirt provisto por el Red Hat OpenStack Platform versión 16, donde no se encuentra habilitado SELinux. Este fallo causa que sVirt, un importante mecanismo de aislamiento, se deshabilite para todas las máquinas virtuales en ejecución • https://bugzilla.redhat.com/show_bug.cgi?id=1831544 https://access.redhat.com/security/cve/CVE-2020-10731 • CWE-284: Improper Access Control CWE-1220: Insufficient Granularity of Access Control •
CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria sin restringir en Google Guava 11.0 hasta las versiones 24.x anteriores a la 24.1.1 permite que los atacantes remotos realicen ataques de denegación de servicio (DoS) contra servidores que dependen de esta librería y que deserialicen datos proporcionados por dichos atacantes debido a que la clase AtomicDoubleArray (cuando se serializa con serialización Java) y la clase CompoundOrdering (cuando se serializa con serialización GWT) realiza una asignación sin comprobar adecuadamente lo que ha enviado un cliente y si el tamaño de los datos es razonable. A vulnerability was found in Guava where the AtomicDoubleArray and CompoundOrdering classes were found to allocate memory based on size fields sent by the client without validation. A crafted message could cause the server to consume all available memory or crash leading to a denial of service. • http://www.securitytracker.com/id/1041707 https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2598 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2740 https://access.redhat.com/errata/RHSA-2018:2741 https://access.redhat.com/errata/RHSA-2018:274 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •