ROS-20260129-73-0001
Vulnerability in openstack-barbican related to authentication bypass due to an initial bug. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20260129-73-0002
Vulnerability in openstack-barbican related to lack of protection of proprietary data. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
ROS-20260129-73-0003
Vulnerability in openstack-barbican related to insufficient spatial partitioning. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
EUVD-2023-2449
Malicious code in bioql PyPI...
EUVD-2023-2450
Malicious code in bioql PyPI...
EUVD-2022-6888
Malicious code in bioql PyPI...
EUVD-2022-42529
Malicious code in bioql PyPI...
EUVD-2022-6721
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. CVE-2022-3100 Note th...
Linux Distros Unpatched Vulnerability : CVE-2022-23452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an...
Linux Distros Unpatched Vulnerability : CVE-2022-23451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or...
RHSA-2023:6231 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
Bulletin has no description...
RHSA-2022:8874 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (openstack-barbican) security update
Bulletin has no description...
RHSA-2022:5114 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
Bulletin has no description...
RHSA-2022:6750 Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-barbican) security update
Bulletin has no description...
afs-file-validator (=1.0.1), apkutils (>=1.0.2 <=1.0.4) +28 more potentially affected by CVE-2024-31636 via lief (>=0.10.1 <=0.14.1)
lief PYPI version =0.10.1, =1.0.2, =1.0.0, =0.0.0, =0.4.2, =0.0.1, =2024.9.24, =5.0.0, =1.0.0, =0.0.1, =0.0.1, =2.0.1, =1.2.0, =1.5.0 and more Source cves: CVE-2024-31636 Source advisory: OSV:GHSA-377P-G8GR-5WPG...
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-barbican) (RHSA-2023:6231)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6231 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security Fixes:...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-barbican: Insecure Barbican configuration file leaking credential
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...