7813 matches found

Tenable Nessus
added 2023/01/23 12:0 a.m. | 40 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (numpy) (RHSA-2022:8861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8861 advisory. A fast multidimensional array facility for Python Security Fixes: NULL pointer dereference in numpy.sort in the PyArrayDescrNew due to missing...

CVSS 5.3 | AI score 7.3 | EPSS 0.01154
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 19 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (rabbitmq-server) (RHSA-2022:8867)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8867 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable...

CVSS 5.4 | AI score 5.5 | EPSS 0.01437
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 23 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (puppet-firewall) (RHSA-2022:8869)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8869 advisory. Manages Firewalls such as iptables Security Fixes: unmanaged rules could leave system in an unsafe state via duplicate comment CVE-2022-0675 For more...

CVSS 9.8 | AI score 8.3 | EPSS 0.00882
Exploits: 0 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 22 views

RHEL 7 : Red Hat OpenStack Platform 13.0 (instack-undercloud) (RHSA-2022:8897)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8897 advisory. Installation tools to install an undercloud via instack Security Fixes: instack-undercloud: rsync leaks information to undercloud CVE-2022-3596 For...

CVSS 7.5 | AI score 7.4 | EPSS 0.01107
Exploits: 0 | References: 4

Tenable Nessus
added 2023/01/23 12:0 a.m. | 14 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (protobuf) (RHSA-2022:8847)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8847 advisory. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its...

CVSS 6.5 | AI score 6.6 | EPSS 0.0266
Exploits: 0 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 29 views

RHEL 8 : Red Hat OpenStack 16.2.4 (python-XStatic-Bootstrap-SCSS) (RHSA-2022:8848)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8848 advisory. Bootstrap style library packaged for setuptools easyinstall / pip. Security Fixes: XSS in the tooltip or popover data-template attribute CVE-2019-833...

CVSS 6.1 | AI score 7.2 | EPSS 0.1686
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 31 views

RHEL 8 : openstack-selinux (RHSA-2020:4381)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4381 advisory. The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux. Security Fixes: policy flaw allo...

CVSS 6.5 | AI score 6.6 | EPSS 0.00221
Exploits: 0 | References: 6

Tenable Nessus
added 2023/01/23 12:0 a.m. | 21 views

RHEL 8 : openstack-octavia (RHSA-2020:0721)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0721 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...

CVSS 9.1 | AI score 7 | EPSS 0.02296
Exploits: 0 | References: 7

Tenable Nessus
added 2023/01/23 12:0 a.m. | 40 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (python-XStatic-Angular) (RHSA-2022:8849)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8849 advisory. Angular JavaScript library packaged for setuptools easyinstall / pip. Security Fixes: Prototype pollution in merge function could result in code...

CVSS 7.5 | AI score 7.2 | EPSS 0.02179
Exploits: 1 | References: 5

Tenable Nessus
added 2023/01/23 12:0 a.m. | 38 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (python-django20) (RHSA-2022:8853)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8853 advisory. Security Fixes: Possible XSS via '% debug %' template tag CVE-2022-22818 Denial of service possibility in file uploads CVE-2022-23833 For mo...

CVSS 7.5 | AI score 7.1 | EPSS 0.49246
Exploits: 1 | References: 7

Tenable Nessus
added 2023/01/23 12:0 a.m. | 34 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-barbican) (RHSA-2022:8874)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8874 advisory. Barbican is a REST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Securit...

CVSS 8.1 | AI score 6.6 | EPSS 0.00981
Exploits: 0 | References: 10

Tenable Nessus
added 2023/01/23 12:0 a.m. | 30 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (openstack-neutron) (RHSA-2022:8855)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8855 advisory. OpenStack Networking neutron is a virtual network service for OpenStack. Just as OpenStack Compute nova provides an API to dynamically request and...

CVSS 6.5 | AI score 5.9 | EPSS 0.01056
Exploits: 0 | References: 9

OpenVAS
added 2023/01/23 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2023:0109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9 | EPSS 0.56334
Exploits: 0 | References: 5

OpenVAS
added 2023/01/23 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2023:0111-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 9.3 | EPSS 0.00892
Exploits: 0 | References: 4

OpenVAS
added 2023/01/23 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2023:0118-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.8 | EPSS 0.00696
Exploits: 0 | References: 5

OpenVAS
added 2023/01/20 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2023:0101-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 9 | EPSS 0.55367
Exploits: 20 | References: 4

OSV
added 2023/01/18 6:30 p.m. | 18 views

GHSA-274C-RX2J-2V3X OpenStack Swift XML external entities (XXE) Injection

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

CVSS 6.5 | AI score 6 | EPSS 0.01001
Exploits: 1 | References: 14

Github Security Blog
added 2023/01/18 6:30 p.m. | 24 views

OpenStack Swift XML external entities (XXE) Injection

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

CVSS 6.5 | AI score 6.7 | EPSS 0.01001
Exploits: 1 | References: 14 | Affected Software: 1

NVD
added 2023/01/18 5:15 p.m. | 12 views

CVE-2022-47950

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

CVSS 6.5 | AI score 6 | EPSS 0.01001
Exploits: 1 | References: 4

NVD
added 2023/01/18 5:15 p.m. | 14 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

CVSS 5.9 | AI score 5.5 | EPSS 0.00433
Exploits: 0 | References: 1