371 matches found

Tenable Nessus
added 2021/03/17 12:0 a.m. | 34 views

RHEL 8 : Red Hat OpenStack Platform 16.1.4 (python-django) (RHSA-2021:0915)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0915 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

5.9 CVSS | 7 AI score | 0.06041 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2021/03/17 12:0 a.m. | 44 views

RHEL 8 : Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0916 advisory. A highly-available key value store for shared configuration. Security Fixes: large slice causes panic in decodeRecord method CVE-2020-15106...

7.7 CVSS | 7.1 AI score | 0.01636 EPSS
Exploits 0 | References 15

CNNVD
added 2020/11/27 12:0 a.m. | 2 views

Lxml Cross-Site Scripting Vulnerability

Lxml is a software from the individual developer of Lxml that interacts with Python to locate elements in Html. Lxml suffers from a cross-site scripting vulnerability that arises from javascript escaping via a combination of noscript and style. The following products and versions are affected:...

6.1 CVSS | 6.4 AI score | 0.03934 EPSS
Exploits 1 | References 29

CNNVD
added 2020/11/23 12:0 a.m. | 3 views

Selected Red Hat Products Security Vulnerabilities

Red Hat Ceph Storage is a scalable, open software-defined storage platform. Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform. Container Platform is an application platform that enables organizations to develop, deploy and manage existing container-based applications acro...

4.4 CVSS | 6.7 AI score | 0.00269 EPSS
Exploits 0 | References 23

RedHat Linux
added 2020/08/11 1:20 p.m. | 1 views

openstack-tripleo-heat-templates: No sVirt protection for OSP16 VMs due to disabled SELinux

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

9.9 CVSS | 5.7 AI score | 0.00889 EPSS
Exploits 0 | References 5

NVD
added 2020/07/31 1:15 p.m. | 16 views

CVE-2020-10731

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

9.9 CVSS | 9.4 AI score | 0.00889 EPSS
Exploits 0 | References 1

Prion
added 2020/07/31 1:15 p.m. | 20 views

Design/Logic Flaw

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

6.5 CVSS | 9.2 AI score | 0.00889 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2020/07/31 12:38 p.m. | 109 views

CVE-2020-10731

Summary: CVE-2020-10731 affects the nova_libvirt container in Red Hat OpenStack Platform 16, where SELinux is not enabled, which disables sVirt isolation for running VMs. The issue is described across multiple sources as eliminating sVirt protection due to disabled SELinux. Public technical detai...

9.9 CVSS | 9.1 AI score | 0.00889 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/07/31 12:38 p.m. | 20 views

CVE-2020-10731

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

9.4 AI score | 0.00889 EPSS
Exploits 0 | References 1

Rockylinux
added 2020/07/29 7:15 a.m. | 11 views

Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory

An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

0.7 AI score
Exploits 0

RedhatCVE
added 2020/07/28 2:56 p.m. | 24 views

CVE-2020-10731

A flaw was found in the novalibvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines...

6.5 CVSS | 1.3 AI score | 0.00889 EPSS
Exploits 0 | References 4

OSV
added 2020/03/12 4:54 p.m. | 18 views

GHSA-XF8C-3CGX-FCWM Improper Access Control in novajoin

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

8.8 CVSS | 8.4 AI score | 0.00999 EPSS
Exploits 0 | References 5

Github Security Blog
added 2020/03/12 4:54 p.m. | 68 views

Improper Access Control in novajoin

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

8.8 CVSS | 4.1 AI score | 0.00999 EPSS
Exploits 0 | References 5 | Affected Software 1

RedHat Linux
added 2020/03/10 11:54 a.m. | 5 views

Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13 bug fix and enhancement advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on commonly available...

7.5 CVSS | 7.1 AI score | 0.02761 EPSS
Exploits 0 | References 34

OSV
added 2019/12/30 8:15 p.m. | 10 views

CVE-2012-5474

The file /etc/openstack-dashboard/localsettings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release python-django-horizon package before 2012.1.1 is world readable and exposes the secret key value...

5.5 CVSS | 5.6 AI score | 0.00338 EPSS
Exploits 1 | References 6

Cvelist
added 2019/12/30 7:36 p.m. | 31 views

CVE-2012-5474

The file /etc/openstack-dashboard/localsettings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release python-django-horizon package before 2012.1.1 is world readable and exposes the secret key value...

5.5 AI score | 0.00338 EPSS
Exploits 1 | References 4

Symantec
added 2019/11/07 12:0 a.m. | 20 views

OpenStack Mistral CVE-2019-3866 Local Information Disclosure Vulnerability

Description OpenStack Mistral is prone to a local information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected OpenStack Mistral Redhat OpenStack Platform 10 Redhat OpenStack Platform...

2.1 CVSS | 1.6 AI score | 0.00339 EPSS
Exploits 0 | References 1 | Affected Software 1

Symantec
added 2019/10/01 12:0 a.m. | 167 views

Apache MINA CVE-2019-0231 Information Disclosure Vulnerability

Description Apache MINA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Apache MINA 1.0 Apache MINA 2.0.20 Apache MINA 2.1.0 Redhat Gluster Storage 3.0 Redhat...

1.3 AI score | 0.02201 EPSS
Exploits 0 | References 2 | Affected Software 4

OSV
added 2019/07/30 5:15 p.m. | 3 views

CVE-2019-10138

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

8.8 CVSS | 7.1 AI score | 0.00999 EPSS
Exploits 0 | References 2

Prion
added 2019/07/30 5:15 p.m. | 13 views

Design/Logic Flaw

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

6.5 CVSS | 8.5 AI score | 0.00999 EPSS
Exploits 0 | References 2 | Affected Software 1