Filtered by vendor Redhat Subscriptions
Filtered by product Openstack Subscriptions
Total 710 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2680 2 Qemu, Redhat 4 Qemu, Advanced Virtualization, Enterprise Linux and 1 more 2024-08-02 7.5 High
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
CVE-2023-2088 1 Redhat 1 Openstack 2024-08-02 6.5 Medium
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.
CVE-2023-1108 2 Netapp, Redhat 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more 2024-08-02 7.5 High
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVE-2024-39614 2 Djangoproject, Redhat 5 Django, Ansible Automation Platform, Openstack and 2 more 2024-08-02 7.5 High
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
CVE-2024-39329 2 Djangoproject, Redhat 5 Django, Ansible Automation Platform, Openstack and 2 more 2024-08-02 5.3 Medium
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password.
CVE-2024-38875 1 Redhat 4 Ansible Automation Platform, Openstack, Satellite and 1 more 2024-08-02 7.5 High
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets.
CVE-2024-29156 1 Redhat 1 Openstack 2024-08-02 8.4 High
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
CVE-2024-24680 2 Djangoproject, Redhat 6 Django, Ansible Automation Platform, Openstack and 3 more 2024-08-01 7.5 High
An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.
CVE-2024-22195 2 Palletsprojects, Redhat 9 Jinja, Ansible Automation Platform, Ceph Storage and 6 more 2024-08-01 5.4 Medium
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
CVE-2024-1135 1 Redhat 5 Ansible Automation Platform, Openshift, Openstack and 2 more 2024-08-01 N/A
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.