102 matches found
openstack-ironic: Lack of checksum validation on images
A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...
CVE-2025-21890 idpf: fix checksums set in idpf_rx_rsc()
In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transport header is not set yet. This triggers the following warning for CONFIGDEBUGNET=y builds. DEBUGNETWARNONONCE!skbtransportheaderwassetskb...
Linux Distros Unpatched Vulnerability : CVE-2024-47211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum...
CVE-2022-49340
In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum offload on CHECKSUMPARTIAL packets. ipgrexmit must validate csumstart after an optional skbpull, else lcocsum may trigger an overflow...
CVE-2022-49340
In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum offload on CHECKSUMPARTIAL packets. ipgrexmit must validate csumstart after an optional skbpull, else lcocsum may trigger an overflow...
openstack-ironic: Lack of checksum validation on images
A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...
RHEL 9 : Red Hat OpenStack Platform 18.0.4 (openstack-ironic) (RHSA-2025:0439)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0439 advisory. Ironic is a project which aims to provision bare metal as opposed to virtual machines by leveraging common technologies such as PXE boot and IPMI to...
Gradio 数据伪造问题漏洞
Gradio, an open source Python library open sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a Data Forgery Problem vulnerability that stems from the fact that if an attacker gains access to the remote URL where th...
Man-in-the-middle(MitM)
OpenStack Ironic is vulnerable to Man-in-the-middleMitM. The vulnerability is due to the lack of checksum validation on the supplied imagesource URLs, allows for the possibility of malicious actors manipulating the image data during the conversion process...
GHSA-8H22-6QWX-Q4W9 OpenStack Ironic fails to verify checksums of supplied image_source URLs
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...
OpenStack Ironic fails to verify checksums of supplied image_source URLs
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...
DEBIAN-CVE-2024-47211
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...
UBUNTU-CVE-2024-47211
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...
CVE-2024-47211
The CVE-2024-47211 issue in OpenStack Ironic is due to lack of checksum validation for image_source URLs when converting images to raw format for streaming. Affected ranges include OpenStack Ironic releases before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x...
PT-2024-32480
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 21.4.4 OpenStack Ironic versions 22.x through 23.x before 23.0.3 OpenStack Ironic versions 23.x through 24.x before 24.1.3 OpenStack Ironic versions 25.x through 26.x before 26.1.0 Description The issue is...
CVE-2024-47211
In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...
MS14-068 Microsoft Kerberos Checksum Validation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS14-068 Microsoft Kerberos Checksum Validation Vulnerability', 'Description' = %q This module exploits a vulnerability in the Microsoft Kerberos...
CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr
In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csumstart and offset in virtionethdr Tighten csumstart and csumoffset checks in virtionethdrtoskb for GSO packets. The function already checks that a checksum requested with VIRTIONETHDRFNEEDSCSUM is in skb...
Input validation
rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...
CVE-2023-40165
The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched “/-\d/,” enabling a malicious upload to temporarily override a ...