Arbitrary Code Execution in blazar-dashboard
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
Design/Logic Flaw
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
PYSEC-2020-225
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability...
CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...
CVE-2020-26943
OpenStack blazar-dashboard (before 1.3.1, 2.0.0, and 3.0.0) exposes a Python eval-based vulnerability that can trigger code execution on the Horizon host when a user with access to the Blazar dashboard operates within Horizon. This may result in Horizon host unauthorized access and further compro...
A vulnerability in the OpenStack Octavia load balancer, related to a lack of access control, allows attackers to partially compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the OpenStack Octavia load balancer is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to partially compromise the confidentiality, integrity, and availability of the protected information...
Security Bulletin: Multiple vulnerabilities in IBM® JDK, Java™ Technology Edition may affect IBM Cloud Manager with OpenStack
Summary: A vulnerability in IBM® JDK Java™ Technology Edition, Version 7.0.10.50 used by IBM Cloud Manager with OpenStack. CVE-2020-2590 and CVE-2020-2601 were disclosed as part of the Oracle January 2020 Critical Patch Update. Vulnerability Details: Refer to the security bulletins listed in th...
SUSE-SU-2020:2911-1 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client
This update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano,...
SUSE-SU-2020:2876-1 Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila,...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenSSL vulnerability (CVE-2020-1968)
Summary: A security vulnerability has been identified in OpenSSL that is used by Chef. IBM Cloud Manager with OpenStack uses Chef and is affected by this vulnerability. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...
Security Bulletin: IBM Cloud Manager with OpenStack is affected by an OpenSSL vulnerability
Summary: A security vulnerability has been identified in OpenSSL that is used by Chef. IBM Cloud Manager with OpenStack uses Chef and is affected by this vulnerability. Vulnerability Details: CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.50 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability Details: CVEID: CVE-2020-2604 DESCRIPTION: An unspecified...
openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...