cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6110,https://securityvulnerability.io/vulnerability/CVE-2023-6110,Scope Deletion Vulnerability Affects OpenStack Security,"A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.",Red Hat,"Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Red Hat Openstack Platform 18.0",5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-17T11:15:00.000Z,0
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T10:00:51.745Z,0
CVE-2024-8007,https://securityvulnerability.io/vulnerability/CVE-2024-8007,OpenStack Platform Vulnerability Exposes Containers to MITM Attacks,"A flaw exists in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. An attacker may exploit this to deploy potentially compromised container images because the system has the option to disable TLS certificate verification for registry mirrors. This could lead to a serious security risk known as a man-in-the-middle (MITM) attack, where an attacker could intercept and manipulate communications between users and the registry. Properly managing TLS certificate verification settings is crucial to maintaining the integrity and security of the OpenStack environment.",Red Hat,"Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1",8.1,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2024-08-21T13:40:25.242Z,0
CVE-2024-43168,https://securityvulnerability.io/vulnerability/CVE-2024-43168,Unbound: heap-buffer-overflow in unbound,"A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",4.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-43167,https://securityvulnerability.io/vulnerability/CVE-2024-43167,Segmentation Fault Vulnerability in Unbound's ub_ctx_set_fwd Function,"A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",2.8,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-4840,https://securityvulnerability.io/vulnerability/CVE-2024-4840,Rhosp-director: cleartext passwords exposed in logs,"An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.",Red Hat,"Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-05-14T15:45:00.000Z,0
CVE-2024-4438,https://securityvulnerability.io/vulnerability/CVE-2024-4438,Incomplete Fix for CVE-2023-39325/CVE-2023-44487 in Red Hat OpenStack Platform,"The etcd package in the Red Hat OpenStack platform is vulnerable due to an incomplete fix related to previous CVEs, specifically CVE-2023-39325 and CVE-2023-44487, commonly referred to as Rapid Reset. This vulnerability arises because the etcd package utilizes the http://golang.org/x/net/http2 source instead of the properly managed version from Red Hat Enterprise Linux. This misconfiguration necessitates an update at compile time to ensure the integrity and security of the Red Hat OpenStack implementation. Organizations using affected versions should consider immediate remediation to mitigate potential security risks.",Red Hat,"Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 9,Red Hat Openstack Platform 18.0",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-05-08T08:59:42.187Z,0
CVE-2024-4437,https://securityvulnerability.io/vulnerability/CVE-2024-4437,Incomplete Fix for CVE-2021-44716 in Red Hat OpenStack Platform,"The etcd package included with the Red Hat OpenStack platform has an incomplete resolution to a previously identified vulnerability, CVE-2021-44716. This situation arises from the utilization of the standard library from golang.org rather than the version provided specifically by Red Hat Enterprise Linux. It is critical to compile the etcd package with the appropriate library to mitigate potential security risks associated with this oversight.",Red Hat,"Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-05-08T08:57:40.229Z,0
CVE-2024-4436,https://securityvulnerability.io/vulnerability/CVE-2024-4436,Incomplete Fix for CVE-2022-41723 in Red Hat OpenStack Platform,The etcd package utilized within the Red Hat OpenStack platform has a vulnerability stemming from an incomplete resolution of a prior issue (CVE-2022-41723). The root cause is the use of the http://golang.org/x/net/http2 package instead of the secure version provided by Red Hat Enterprise Linux. This oversight necessitates urgent updates at compile time to ensure the package meets required security standards and operates safely within deployed environments. Users of affected versions are advised to implement the latest patches to mitigate any potential security risks.,Red Hat,"Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-05-08T08:57:12.237Z,0
CVE-2024-1394,https://securityvulnerability.io/vulnerability/CVE-2024-1394,Memory Leak Vulnerability in Golang RSA Code Could Lead to Resource Exhaustion,"A memory leak flaw has been identified in the RSA encrypting and decrypting code of the Golang FIPS OpenSSL library. This issue arises from improper handling of named return parameters, specifically within the RSA library's context initialization process. When errors occur during context initialization or property settings, the related pointers, namely 'pkey' and 'ctx', are left unfreed, leading to a potential resource exhaustion vulnerability. Attackers can exploit this flaw through crafted inputs, causing the application to exhaust memory resources.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Developer Tools,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 9.0 Update Services For SAP Solutions,Red Hat Enterprise Linux 9.2 Extended Update Support,Red Hat Openshift Container Platform 4.12,Red Hat Openshift Container Platform 4.13,Red Hat Openshift Container Platform 4.14,Red Hat Openshift Container Platform 4.15,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Rhodf-4.16-rhel-9,Nbde Tang Server,Openshift Developer Tools And Services,Openshift Pipelines,Openshift Serverless,Red Hat Ansible Automation Platform 1.2,Red Hat Ansible Automation Platform 2,Red Hat Certification For Red Hat Enterprise Linux 8,Red Hat Certification For Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 4,Red Hat Openshift Container Storage 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Gitops,Red Hat Openshift On Aws,Red Hat Openshift Virtualization 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0,Red Hat Service Interconnect 1,Red Hat Software Collections,Red Hat Storage 3",7.5,HIGH,0.0006900000153109431,false,false,false,false,,false,false,2024-03-21T12:16:38.790Z,0
CVE-2023-6725,https://securityvulnerability.io/vulnerability/CVE-2023-6725,Private Configuration Information Exposed in OpenStack Designate,An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.,Red Hat,"Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.1,Red Hat Openstack Platform 18.0",6.6,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-15T12:38:23.158Z,0
CVE-2023-3966,https://securityvulnerability.io/vulnerability/CVE-2023-3966,Crafted Geneve Packets May Cause Denial of Service and Invalid Memory Accesses in Open vSwitch,"A vulnerability in Open vSwitch has been identified where multiple versions are susceptible to maliciously crafted Geneve packets. This flaw has the potential to lead to denial of service by causing invalid memory accesses. Exploitation of this vulnerability necessitates that hardware offloading via the netlink path is enabled, making systems at risk particularly those that utilize specific network configurations.",Red Hat,"Openvswitch,Fast Datapath For Rhel 7,Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 3.11,Openstack Rdo,Fedora",7.5,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2024-02-22T12:15:53.128Z,0
CVE-2024-1141,https://securityvulnerability.io/vulnerability/CVE-2024-1141,Glance-store: glance store access key logged in debug log level,A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.,Red Hat,"Red Hat Openstack Platform 17.1 For Rhel 9,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 18.0",5.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-02-01T14:21:37.758Z,0
CVE-2023-5625,https://securityvulnerability.io/vulnerability/CVE-2023-5625,Python-eventlet: patch regression for cve-2021-21419 in some red hat builds,"A regression has been identified in the Red Hat build of python-eventlet. This issue arose from a modification in the patch application strategy, leading to the failure of a critical patch for CVE-2021-21419 to be applied across all builds of Red Hat products. Consequently, users may be exposed to vulnerabilities stemming from this oversight, impacting the security and stability of affected systems.",Red Hat,"Ironic Content For Red Hat Openshift Container Platform 4.12,Red Hat Openstack Platform 17.1 For Rhel 8,Red Hat Openstack Platform 17.1 For Rhel 9",7.5,HIGH,0.0012499999720603228,false,false,false,false,,false,false,2023-11-01T14:15:00.000Z,0
CVE-2023-5366,https://securityvulnerability.io/vulnerability/CVE-2023-5366,Openvswitch don't match packets on nd_target field,A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.,Red Hat,"Openvswitch,Fast Datapath For Rhel 7,Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Enterprise Linux 7,Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Virtualization 4,Fedora",5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-10-06T18:15:00.000Z,0
CVE-2023-3153,https://securityvulnerability.io/vulnerability/CVE-2023-3153,Service monitor mac flow is not rate limited,"A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.",Red Hat,"Ovn,Fast Datapath For Rhel 7,Fast Datapath For Rhel 8,Fast Datapath For Rhel 9,Red Hat Openshift Container Platform 4,Red Hat Openstack Platform 13 (queens),Fedora",5.3,MEDIUM,0.0013200000394135714,false,false,false,false,,false,false,2023-10-04T12:15:00.000Z,0
CVE-2023-3223,https://securityvulnerability.io/vulnerability/CVE-2023-3223,Undertow: outofmemoryerror due to @multipartconfig handling,"A vulnerability has been identified in Undertow, where servlets annotated with @MultipartConfig may lead to an OutOfMemoryError during processing of large multipart content submissions. This flaw can enable unauthorized users to launch remote Denial of Service attacks. Importantly, if file size thresholds are employed to restrict uploads, attackers can bypass these limits by manipulating the request to set the file name to null, thus exploiting this weakness.",Red Hat,"Red Hat Fuse 7.12.1,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6.5,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Openstack Platform 13 (queens) Operational Tools,Red Hat Process Automation 7,Red Hat Support For Spring Boot",7.5,HIGH,0.011149999685585499,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2023-1636,https://securityvulnerability.io/vulnerability/CVE-2023-1636,Incomplete container isolation,"A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.",Red Hat,"Openstack-barbican,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",6,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-09-24T01:15:00.000Z,0
CVE-2023-1633,https://securityvulnerability.io/vulnerability/CVE-2023-1633,Insecure barbican configuration file leaking credential,"A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.",Red Hat,"Openstack-barbican,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",6.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-24T01:15:00.000Z,0
CVE-2023-1625,https://securityvulnerability.io/vulnerability/CVE-2023-1625,Information leak in api,"An information leak has been identified in OpenStack Heat, allowing a remote authenticated attacker to exploit the 'stack show' command. This flaw permits the exposure of parameters that are intended to remain confidential, potentially compromising system integrity. It's crucial for users to assess their configurations and apply necessary security best practices to mitigate any risks linked to this vulnerability.",Red Hat,"Openstack-heat,Red Hat Openstack Platform 13 (queens),Red Hat Openstack Platform 16.1,Red Hat Openstack Platform 16.2,Red Hat Openstack Platform 17.0,Openstack Rdo",7.4,HIGH,0.0011699999449774623,false,false,false,false,,false,false,2023-09-24T01:15:00.000Z,0
CVE-2022-3596,https://securityvulnerability.io/vulnerability/CVE-2022-3596,Instack-undercloud: rsync leaks information to undercloud,"An information leak vulnerability has been identified in the OpenStack Undercloud, enabling unauthenticated remote attackers to gain access to sensitive data by merely discovering the undercloud's IP address. This flaw could potentially lead to the exposure of critical private information, including administrator access credentials, thereby heightening the risk of unauthorized access and data compromise.",Red Hat,"Red Hat Openstack Platform 13.0 - Els,Red Hat Openstack Platform 13.0 (queens) For Rhel 7.6 Eus",7.5,HIGH,0.004819999914616346,false,false,false,false,,false,false,2023-09-20T19:06:28.487Z,0
CVE-2022-3261,https://securityvulnerability.io/vulnerability/CVE-2022-3261,Plain-text passwords saved in /var/log/messages,"A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.",Red Hat,"Openstack,Red Hat Openstack Platform 16.2",4.4,MEDIUM,0.0014299999456852674,false,false,false,false,,false,false,2023-09-15T20:20:18.481Z,0
CVE-2023-1108,https://securityvulnerability.io/vulnerability/CVE-2023-1108,Infinite loop in sslconduit during close,"A vulnerability has been identified within Undertow, affecting its SSL Conduit. This flaw stems from an unexpected handshake status update, which can cause an infinite loop, thereby resulting in a Denial of Service. Malicious actors could exploit this vulnerability to prevent legitimate access to the service, leading to disruptions. Users of Undertow are advised to apply the latest patches to mitigate the risk associated with this issue.",Red Hat,"undertow,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,Red Hat JBoss Fuse 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7.6 for RHEL 7,Red Hat Single Sign-On 7.6 for RHEL 8,Red Hat Single Sign-On 7.6 for RHEL 9,RHEL-8 based Middleware Containers,Text-Only RHOAR,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Fuse 6,Red Hat OpenStack Platform 13 (Queens),Red Hat Process Automation 7",7.5,HIGH,0.004100000020116568,false,false,false,false,,false,false,2023-09-14T15:15:00.000Z,0
CVE-2023-3301,https://securityvulnerability.io/vulnerability/CVE-2023-3301,Triggerable assertion due to race condition in hot-unplug,A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.,Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Extra Packages for Enterprise Linux,Fedora",5.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0
CVE-2023-2680,https://securityvulnerability.io/vulnerability/CVE-2023-2680,Dma reentrancy issue (incomplete fix for cve-2021-3750),"The vulnerability arises from an incomplete implementation of a previous fix for an earlier CVE, specifically related to the QEMU-KVM package in Red Hat Enterprise Linux 9.1. The version released under RHSA-2022:7967 inadvertently lacked the necessary correction for a known vulnerability identified as CVE-2021-3750, exposing systems to potential risks associated with that flaw. Users of Red Hat Enterprise Linux 9.1 should be aware of this issue and consider taking appropriate measures to mitigate any potential security threats.",Red Hat,"qemu,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8 Advanced Virtualization,Red Hat Enterprise Linux 9,Red Hat OpenStack Platform 13 (Queens),Fedora,Extra Packages for Enterprise Linux",8.2,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2023-09-13T17:15:00.000Z,0