CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1633 – Insecure barbican configuration file leaking credential
https://notcve.org/view.php?id=CVE-2023-1633
24 Sep 2023 — A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. Se encontró una falla de fuga de credenciales en OpenStack Barbican. Esta falla permite que un atacante autenticado local lea el archivo de configuración y obtenga acceso a credenciales sensibles. An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2. • https://access.redhat.com/security/cve/CVE-2023-1633 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1636 – Incomplete container isolation
https://notcve.org/view.php?id=CVE-2023-1636
24 Sep 2023 — A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. Se encontró una vulnerabilidad en los contenedores OpenStack Barbican. • https://access.redhat.com/security/cve/CVE-2023-1636 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 1CVE-2023-1625 – Information leak in api
https://notcve.org/view.php?id=CVE-2023-1625
10 May 2023 — An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. Se descubrió una fuga de información en OpenStack Heat. Este problema podría permitir que un atacante remoto y autenticado utilice el comando 'stack show' para revelar parámetros que se supone deben permanecer ocultos. • https://access.redhat.com/security/cve/CVE-2023-1625 • CWE-202: Exposure of Sensitive Information Through Data Queries •
CVSS: 8.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-1668 – openvswitch: ip proto 0 triggers incorrect handling
https://notcve.org/view.php?id=CVE-2023-1668
10 Apr 2023 — A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. An update for redhat-release-virtualization-host and re... • https://bugzilla.redhat.com/show_bug.cgi?id=2137666 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 2.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4134
https://notcve.org/view.php?id=CVE-2022-4134
06 Mar 2023 — A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. • https://bugs.launchpad.net/glance/+bug/1990157 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3277 – openstack-neutron: unrestricted creation of security groups
https://notcve.org/view.php?id=CVE-2022-3277
08 Dec 2022 — An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. • https://bugs.launchpad.net/neutron/+bug/1988026 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3101 – tripleo-ansible: /var/lib/mistral/overcloud discoverable
https://notcve.org/view.php?id=CVE-2022-3101
18 Oct 2022 — A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact ... • https://access.redhat.com/security/cve/CVE-2022-3101 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3146 – tripleo-ansible: /etc/openstack/clouds.yaml discoverable
https://notcve.org/view.php?id=CVE-2022-3146
18 Oct 2022 — A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. An update for tripleo-ansible is now available for Red Hat OpenStack Platform. • https://access.redhat.com/security/cve/CVE-2022-3146 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •