
CVSS: 8.2 EPSS: 0% CPEs: 16 EXPL: 0

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a nonzero IP protocol that match this dp flow.

• https://bugzilla.redhat.com/show_bug.cgi?id=2137666
• https://lists.debian.org/debian-lts-announce/2023/05/msg00000.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2GUNS3WSJG4TUDKZ5L7FXGJMVOD6EJZ
• https://security.gentoo.org/glsa/202311-16
• https://www.debian.org/security/2023/dsa-5387
• https://www.openwall.com/lists/oss-security/2023/04/06/1
• https://access.redhat.com/security/cve/CVE-2023-1668
• CWE-670: Always-Incorrect Control Flow Implementation

CVSS: 7.5 EPSS: 0% CPEs: 29 EXPL: 0

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

• https://access.redhat.com/errata/RHSA-2023:1184
• https://access.redhat.com/errata/RHSA-2023:1185
• https://access.redhat.com/errata/RHSA-2023:1512
• https://access.redhat.com/errata/RHSA-2023:1513
• https://access.redhat.com/errata/RHSA-2023:1514
• https://access.redhat.com/errata/RHSA-2023:1516
• https://access.redhat.com/errata/RHSA-2023:2135
• https://access.redhat.com/errata/RHSA-2023:3883
• https://access.redhat.com/errata/RHSA-2023:3884
• https://access.redhat.com/errata/RHSA
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 2.8 EPSS: 0% CPEs: 5 EXPL: 0

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

• https://bugs.launchpad.net/glance/+bug/1990157
• https://bugzilla.redhat.com/show_bug.cgi?id=2147462
• https://wiki.openstack.org/wiki/OSSN/OSSN-0090
• CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 8.8 EPSS: 0% CPEs: 1 EXPL: 1

A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.

• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1599
• CWE-269: Improper Privilege Management

CVSS: 7.5 EPSS: 0% CPEs: 2 EXPL: 0

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

• https://access.redhat.com/errata/RHSA-2022:8897
• https://access.redhat.com/security/cve/CVE-2022-3596
• https://bugzilla.redhat.com/show_bug.cgi?id=2136596
• CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')