401 matches found
DLA-3871-1 cinder - security update
Bulletin has no description...
Debian: Security Advisory (DLA-3871-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3871 : cinder-api - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3871 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected]...
[SECURITY] [DLA 3871-1] cinder security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DSA-5754-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5754-1] cinder security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...
DSA-5754-1 cinder - security update
Bulletin has no description...
Debian dsa-5754 : cinder-api - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5754 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz...
Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 9 (6.0.1-102)
This update provides security and stability fixes. Vulnerability id: VSTOR-75009, VSTOR-76816 Stability fixes for the hypervisor. Vulnerability id: VSTOR-86808 Fixed an issue with delayed file creation on NFS. Vulnerability id: VSTOR-88495 Fixed a high availability issue with incorrect paths of N...
Arbitrary File Access
OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 security update
An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Ubuntu: Security Advisory (USN-6882-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6882-1 cinder vulnerability
Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
USN-6882-1: Cinder vulnerability
Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...
Virtuozzo Hybrid Infrastructure 6.1 Update 1 Hotfix 4 (6.1.1-47)
This update provides stability and performance fixes. Vulnerability id: VSTOR-78110 Fixed an issue with missing firewall rules for certain ports. Vulnerability id: VSTOR-85979 New settings may be missing in the S3 gateway, which blocks access to the S3 user panel. Vulnerability id: VSTOR-86340 Th...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Cinder vulnerability (USN-6882-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6882-1 advisory. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to...
cinderlib (>=2.1.0 <=5.2.0), cinderlib-csi (=0.0.2) +1 more potentially affected by CVE-2024-32498 via cinder (>=16.4.2 <=23.5.0)
cinder PYPI version =16.4.2, =2.1.0, =0.9.0, =0.9.1 Source cves: CVE-2024-32498 Source advisory: OSV:GHSA-R4V4-W9PV-6FPH...
GHSA-R4V4-W9PV-6FPH OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...