Lucene search
K

401 matches found

OSV
OSV
added 2024/09/05 12:0 a.m.11 views

DLA-3871-1 cinder - security update

Bulletin has no description...

6.5CVSS6.4AI score0.01198EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/09/05 12:0 a.m.13 views

Debian: Security Advisory (DLA-3871-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.01198EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/09/05 12:0 a.m.22 views

Debian dla-3871 : cinder-api - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3871 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected]...

6.5CVSS7AI score0.01198EPSS
Exploits0References6
Debian
Debian
added 2024/09/04 10:33 p.m.18 views

[SECURITY] [DLA 3871-1] cinder security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...

6.5CVSS7AI score0.01198EPSS
Exploits0
OpenVAS
OpenVAS
added 2024/08/22 12:0 a.m.16 views

Debian: Security Advisory (DSA-5754-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.6AI score0.00835EPSS
Exploits0References2
Debian
Debian
added 2024/08/21 11:4 a.m.10 views

[SECURITY] [DSA 5754-1] cinder security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 21, 2024 https://www.debian.org/security/faq -...

6.5CVSS6.4AI score0.00835EPSS
Exploits0
OSV
OSV
added 2024/08/21 12:0 a.m.14 views

DSA-5754-1 cinder - security update

Bulletin has no description...

6.5CVSS6.1AI score0.00835EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.16 views

Debian dsa-5754 : cinder-api - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5754 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5754-1 [email protected] https://www.debian.org/security/ Moritz...

6.5CVSS6.8AI score0.00835EPSS
Exploits0References4
Virtuozzo
Virtuozzo
added 2024/07/17 12:0 a.m.40 views

Virtuozzo Hybrid Infrastructure 6.0 Update 1 Hotfix 9 (6.0.1-102)

This update provides security and stability fixes. Vulnerability id: VSTOR-75009, VSTOR-76816 Stability fixes for the hypervisor. Vulnerability id: VSTOR-86808 Fixed an issue with delayed file creation on NFS. Vulnerability id: VSTOR-88495 Fixed a high availability issue with incorrect paths of N...

7.8CVSS7.8AI score0.27935EPSS
Exploits1
Veracode
Veracode
added 2024/07/10 9:45 a.m.17 views

Arbitrary File Access

OpenStack Cinder, Glance, and Nova are vulnerable to Arbitrary File Access. The vulnerability is due to a flaw in handling custom QCOW2 external data, where a crafted QCOW2 image can reference a specific data file path. The vulnerability allows an authenticated user to retrieve unauthorized copie...

6.5CVSS6.1AI score0.00835EPSS
Exploits0References14Affected Software3
Tenable Nessus
Tenable Nessus
added 2024/07/10 12:0 a.m.20 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (RHSA-2024:4425)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4425 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...

6.5CVSS6.6AI score0.00835EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/07/09 12:14 p.m.28 views

Critical: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 security update

An update for openstack-cinder, openstack-glance, and openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

6.5CVSS6.7AI score0.00835EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/07/09 12:0 a.m.14 views

Ubuntu: Security Advisory (USN-6882-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.1AI score0.00835EPSS
Exploits0References2
OSV
OSV
added 2024/07/08 11:49 a.m.3 views

USN-6882-1 cinder vulnerability

Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

6.5CVSS6.1AI score0.00835EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/07/08 11:49 a.m.34 views

USN-6882-1: Cinder vulnerability

Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information...

6.5CVSS6.7AI score0.00835EPSS
Exploits0
Virtuozzo
Virtuozzo
added 2024/07/08 12:0 a.m.14 views

Virtuozzo Hybrid Infrastructure 6.1 Update 1 Hotfix 4 (6.1.1-47)

This update provides stability and performance fixes. Vulnerability id: VSTOR-78110 Fixed an issue with missing firewall rules for certain ports. Vulnerability id: VSTOR-85979 New settings may be missing in the S3 gateway, which blocks access to the S3 user panel. Vulnerability id: VSTOR-86340 Th...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/08 12:0 a.m.23 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Cinder vulnerability (USN-6882-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6882-1 advisory. Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to...

6.5CVSS6.9AI score0.00835EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/07/05 3:30 a.m.4 views

cinderlib (>=2.1.0 <=5.2.0), cinderlib-csi (=0.0.2) +1 more potentially affected by CVE-2024-32498 via cinder (>=16.4.2 <=23.5.0)

cinder PYPI version =16.4.2, =2.1.0, =0.9.0, =0.9.1 Source cves: CVE-2024-32498 Source advisory: OSV:GHSA-R4V4-W9PV-6FPH...

6.5CVSS6.7AI score0.00835EPSS
Exploits0
OSV
OSV
added 2024/07/05 3:30 a.m.35 views

GHSA-R4V4-W9PV-6FPH OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

7.1CVSS5.8AI score0.00835EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2024/07/05 3:30 a.m.23 views

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

6.5CVSS6.2AI score0.00835EPSS
Exploits0References16Affected Software3
Rows per page
Query Builder