Lucene search
K

221 matches found

RedHat Linux
RedHat Linux
added 2024/11/07 3:33 a.m.5 views

openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

4.3CVSS5.7AI score0.00545EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/04 12:0 a.m.11 views

RHEL 7 : openstack-ironic (RHSA-2016:1378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1378 advisory. OpenStack Bare Metal ironic is a tool used to provision bare metal as opposed to virtual machines. It leverages common technologies such as PXE boot...

7.5CVSS6.7AI score0.02836EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/10/30 1:12 a.m.21 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.19 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.19 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

8CVSS6.7AI score0.01262EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2024/10/09 7:34 p.m.37 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.36 security update

Red Hat OpenShift Container Platform release 4.15.36 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

7.3CVSS7.3AI score0.8833EPSS
Exploits16References15
Veracode
Veracode
added 2024/10/09 4:34 a.m.5 views

Man-in-the-middle(MitM)

OpenStack Ironic is vulnerable to Man-in-the-middleMitM. The vulnerability is due to the lack of checksum validation on the supplied imagesource URLs, allows for the possibility of malicious actors manipulating the image data during the conversion process...

5.3CVSS6.6AI score0.00662EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/10/04 6:31 p.m.14 views

GHSA-8H22-6QWX-Q4W9 OpenStack Ironic fails to verify checksums of supplied image_source URLs

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

6.9CVSS5.4AI score0.00662EPSS
Exploits0References9
NVD
NVD
added 2024/10/04 6:15 p.m.22 views

CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS0.00662EPSS
Exploits0References5
OSV
OSV
added 2024/10/04 6:15 p.m.5 views

DEBIAN-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS6.3AI score0.00662EPSS
Exploits0References1
OSV
OSV
added 2024/10/04 6:15 p.m.2 views

UBUNTU-CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS5.8AI score0.00662EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/04 12:0 a.m.8 views

PT-2024-32480 · Openstack +1 · Openstack Ironic +1

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 21.4.4 OpenStack Ironic versions 22.x through 23.x before 23.0.3 OpenStack Ironic versions 23.x through 24.x before 24.1.3 OpenStack Ironic versions 25.x through 26.x before 26.1.0 Description: The issue is...

6.9CVSS6.8AI score0.00662EPSS
Exploits0References23
Cvelist
Cvelist
added 2024/10/04 12:0 a.m.18 views

CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

0.00662EPSS
Exploits0References4
CVE
CVE
added 2024/10/04 12:0 a.m.101 views

CVE-2024-47211

The CVE-2024-47211 issue in OpenStack Ironic is due to lack of checksum validation for image_source URLs when converting images to raw format for streaming. Affected ranges include OpenStack Ironic releases before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/10/04 12:0 a.m.15 views

CVE-2024-47211

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied imagesource URLs when configured to convert images to a raw format for streaming...

5.3CVSS6.3AI score0.00662EPSS
Exploits0
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.4 views

OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic that stems from a lack of checksum validation of the provided imagesource URL. The following versions...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References6
OSV
OSV
added 2024/09/15 10:55 p.m.12 views

RHSA-2015:1929 Red Hat Security Advisory: openstack-ironic-discoverd security update

Bulletin has no description...

6.8CVSS6.1AI score0.01585EPSS
Exploits0References8
OSV
OSV
added 2024/09/13 7:52 p.m.14 views

RHSA-2019:1734 Red Hat Security Advisory: openstack-ironic-inspector security update

Bulletin has no description...

8.3CVSS9.1AI score0.02464EPSS
Exploits0References13
OSV
OSV
added 2024/09/13 7:51 p.m.14 views

RHSA-2019:1669 Red Hat Security Advisory: openstack-ironic-inspector security update

Bulletin has no description...

8.3CVSS9.1AI score0.02464EPSS
Exploits0References13
OSV
OSV
added 2024/09/13 7:51 p.m.13 views

RHSA-2019:1722 Red Hat Security Advisory: openstack-ironic-inspector security update

Bulletin has no description...

8.3CVSS9.1AI score0.02464EPSS
Exploits0References12
OSV
OSV
added 2024/09/13 11:4 a.m.19 views

RHSA-2016:1377 Red Hat Security Advisory: openstack-ironic security update

Bulletin has no description...

5.9CVSS7.4AI score0.02836EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/09/06 1:43 p.m.21 views

CVE-2024-44082

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. Mitigation Mitigation for this issue is either not available or...

6.8CVSS6AI score0.00545EPSS
Exploits0References3
Rows per page
Query Builder