Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openstack 16.1 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local malicious user to use brute force to explore the relevant directory and discover the file. This issue leads...
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack For Ibm Power 16.2
Openstack Tripleo Ansible -
5.5
CVSSv3
CVE-2022-3101
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local malicious user to use brute force to explore the relevant directory and discover the file, leading to infor...
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack For Ibm Power 16.2
Openstack Tripleo Ansible -
5.9
CVSSv3
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Openstack Barbican -
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack 13
Redhat Openstack For Ibm Power 13
Redhat Openstack For Ibm Power 16.2
Redhat Openstack 17
Redhat Openstack Platform 13.0
2.8
CVSSv3
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated malicious user to tamper with images, compromising the integrity of virtual machines created using these modified images.
Openstack Glance
Redhat Openstack 13
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack 17
6.5
CVSSv3
CVE-2020-1690
An improper authorization flaw exists in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With acces...
Redhat Openstack-selinux
Redhat Openstack Platform 16.1
Redhat Openstack Platform 15.0
4.3
CVSSv3
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would g...
Redhat Openstack 13
Redhat Openstack 16.1
Openstack Tripleo Heat Templates
Redhat Openstack 16.2
6.1
CVSSv3
CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Openstack Nova
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
9.9
CVSSv3
CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Redhat Openstack Platform 15.0
Redhat Openstack Platform 16.0
Redhat Openstack Platform 16.1
1 Article
8.1
CVSSv3
CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete p...
Openstack Barbican
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 16.2
5
CVSSv3
CVE-2023-1636
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any ...
Openstack Barbican -
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
Redhat Openstack Platform 17.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »