Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-41724
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly...
Golang Go
Golang Go 1.20.0
7.5
CVSSv3
CVE-2022-41725
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package wi...
Golang Go
Golang Go 1.20.0
3.5
CVSSv3
CVE-2023-23934
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Hos...
Palletsprojects Werkzeug
7.5
CVSSv3
CVE-2023-25577
Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more m...
Palletsprojects Werkzeug
5.7
CVSSv3
CVE-2022-47951
An issue exists in OpenStack Cinder prior to 19.1.2, 20.x prior to 20.0.2, and 21.0.0; Glance prior to 23.0.1, 24.x prior to 24.1.1, and 25.0.0; and Nova prior to 24.1.2, 25.x prior to 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific...
Openstack Nova
Openstack Glance
Openstack Cinder
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.9
CVSSv3
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Openstack Barbican -
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack 13
Redhat Openstack For Ibm Power 13
Redhat Openstack For Ibm Power 16.2
Redhat Openstack 17
Redhat Openstack Platform 13.0
6.5
CVSSv3
CVE-2022-47950
An issue exists in OpenStack Swift prior to 2.28.1, 2.29.x prior to 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially se...
Openstack Swift
Openstack Swift 2.30.0
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2022-4415
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Systemd Project Systemd
7.5
CVSSv3
CVE-2022-3064
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Yaml Project Yaml
7.8
CVSSv3
CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
Openstack Kolla -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »