Lucene search
+L

102 matches found

RedHat Linux
RedHat Linux
added 2025/04/07 10:36 p.m.6 views

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...

5.3CVSS5.7AI score0.00663EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/27 2:57 p.m.15 views

CVE-2025-21890 idpf: fix checksums set in idpf_rx_rsc()

In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transport header is not set yet. This triggers the following warning for CONFIGDEBUGNET=y builds. DEBUGNETWARNONONCE!skbtransportheaderwassetskb...

0.00176EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2024-47211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum...

5.3CVSS6.6AI score0.00663EPSS
Exploits0References3
NVD
NVD
added 2025/02/26 7:1 a.m.13 views

CVE-2022-49340

In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum offload on CHECKSUMPARTIAL packets. ipgrexmit must validate csumstart after an optional skbpull, else lcocsum may trigger an overflow...

5.5CVSS0.00267EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/02/26 2:10 a.m.11 views

CVE-2022-49340

In the Linux kernel, the following vulnerability has been resolved: ipgre: test csumstart instead of transport header GRE with TUNNELCSUM will apply local checksum offload on CHECKSUMPARTIAL packets. ipgrexmit must validate csumstart after an optional skbpull, else lcocsum may trigger an overflow...

5.5CVSS5.5AI score0.00267EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/01/22 3:57 p.m.5 views

openstack-ironic: Lack of checksum validation on images

A flaw was found in OpenStack Ironic. The lack of checksum verification allows an attacker with access to the images to modify an image without the change noticed by OpenStack. This issue leads to integrity issues in the image...

5.3CVSS5.7AI score0.00663EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/01/22 12:0 a.m.18 views

RHEL 9 : Red Hat OpenStack Platform 18.0.4 (openstack-ironic) (RHSA-2025:0439)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0439 advisory. Ironic is a project which aims to provision bare metal as opposed to virtual machines by leveraging common technologies such as PXE boot and IPMI to...

5.3CVSS6.5AI score0.00663EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.6 views

Gradio 数据伪造问题漏洞

Gradio, an open source Python library open sourced by Hugging Face, is a method for demonstrating machine learning models through a friendly web interface. Gradio suffers from a Data Forgery Problem vulnerability that stems from the fact that if an attacker gains access to the remote URL where th...

7.5CVSS6.5AI score0.00208EPSS
Exploits0References3
Veracode
Veracode
added 2024/10/09 4:34 a.m.6 views

Man-in-the-middle(MitM)

OpenStack Ironic is vulnerable to Man-in-the-middleMitM. The vulnerability is due to the lack of checksum validation on the supplied imagesource URLs, allows for the possibility of malicious actors manipulating the image data during the conversion process...

5.3CVSS6.6AI score0.00663EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/10/04 6:31 p.m.14 views

GHSA-8H22-6QWX-Q4W9 OpenStack Ironic fails to verify checksums of supplied image_source URLs

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

6.9CVSS5.4AI score0.00663EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/10/04 6:31 p.m.24 views

OpenStack Ironic fails to verify checksums of supplied image_source URLs

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS6.8AI score0.00663EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/10/04 6:15 p.m.5 views

DEBIAN-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS6.3AI score0.00663EPSS
Exploits0References1
OSV
OSV
added 2024/10/04 6:15 p.m.4 views

UBUNTU-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS5.8AI score0.00663EPSS
Exploits0References6
CVE
CVE
added 2024/10/04 12:0 a.m.105 views

CVE-2024-47211

The CVE-2024-47211 issue in OpenStack Ironic is due to lack of checksum validation for image_source URLs when converting images to raw format for streaming. Affected ranges include OpenStack Ironic releases before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x...

5.3CVSS6.7AI score0.00663EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.8 views

PT-2024-32480

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 21.4.4 OpenStack Ironic versions 22.x through 23.x before 23.0.3 OpenStack Ironic versions 23.x through 24.x before 24.1.3 OpenStack Ironic versions 25.x through 26.x before 26.1.0 Description The issue is...

6.9CVSS6.6AI score0.00663EPSS
Exploits0References24
Vulnrichment
Vulnrichment
added 2024/10/04 12:0 a.m.19 views

CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

7.2AI score0.00663EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.247 views

MS14-068 Microsoft Kerberos Checksum Validation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS14-068 Microsoft Kerberos Checksum Validation Vulnerability', 'Description' = %q This module exploits a vulnerability in the Microsoft Kerberos...

9CVSS7AI score0.87448EPSS
Exploits8
Vulnrichment
Vulnrichment
added 2024/08/26 10:10 a.m.14 views

CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr

In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csumstart and offset in virtionethdr Tighten csumstart and csumoffset checks in virtionethdrtoskb for GSO packets. The function already checks that a checksum requested with VIRTIONETHDRFNEEDSCSUM is in skb...

7.1AI score0.00212EPSS
Exploits0References5
Prion
Prion
added 2023/08/17 6:15 p.m.16 views

Input validation

rubygems.org is the Ruby community's primary gem library hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching /-\d/, permanently replacing the legitimate upload in the canonical gem...

5CVSS7.3AI score0.00395EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/17 5:6 p.m.2488 views

CVE-2023-40165

The CVE-2023-40165 entry concerns RubyGems.org, the Ruby community gem hosting service. The vulnerability arose from insufficient input validation that allowed replacement of uploaded gems whose platform, version, or gem name matched “/-\d/,” enabling a malicious upload to temporarily override a ...

7.5CVSS7.3AI score0.00395EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder