137 matches found
GHSA-3J69-69WJ-XQX2 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2025.1, openstack-glance-2026.1-fips, datahub-ingestion, openstack-horizon-2026.1-fips, openstack-keystone-2025.2-fips, openstack-glance-2025.2, openstack-glance-2025.2-fips, openstack-glance-2025.1-fips, openstack-horizon-2025.1-fips,...
CVE-2026-54911 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2025.1, openstack-glance-2026.1-fips, datahub-ingestion, openstack-horizon-2026.1-fips, openstack-keystone-2025.2-fips, openstack-glance-2025.2, openstack-glance-2025.2-fips, openstack-glance-2025.1-fips, openstack-horizon-2025.1-fips,...
GHSA-6V7P-G79W-8964 vulnerabilities
Vulnerabilities for packages: openstack-horizon-2025.1, datadog-agent, openstack-glance-2026.1-fips, request-1276, openstack-horizon-2026.1-fips, graalvm, nemo, superset, openstack-keystone-2025.2-fips, openstack-tempest-2026.1, openstack-glance-2025.2, openstack-glance-2025.2-fips,...
Linux Distros Unpatched Vulnerability : CVE-2026-55748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some...
CVE-2026-55748
A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...
OpenStack Horizon RC file generation does not escape special characters in project names
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
UBUNTU-CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
EUVD-2026-37723
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...
CVE-2026-55748
OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
OpenStack Horizon has Incorrect Behavior Order
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
EUVD-2026-27406
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
GHSA-VXVF-XVM3-P8J5 OpenStack Horizon has Incorrect Behavior Order
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
UBUNTU-CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...
CVE-2026-43002
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...