openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML

An information disclosure flaw was found in the live migration feature of OpenStack Nova. A user may gain access to destination host devices with the same path as those on the source host. This flaw allows an attacker to perform a soft reboot of an instance that has previously undergone live...

Important: Red Hat Security Advisory: openstack-nova security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 8 : openstack-nova (RHSA-2020:3706)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3706 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2020:3711)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3711 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-nova (RHSA-2020:3708)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3708 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 8 : openstack-nova (RHSA-2020:3704)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3704 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 8 : openstack-nova (RHSA-2020:3702)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3702 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

Ubuntu 18.04 LTS : OpenStack Keystone vulnerabilities (USN-4480-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4480-1 advisory. It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2...

Ubuntu: Security Advisory (USN-4480-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8023

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

CVE-2020-8023

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

Code injection

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

CVE-2020-8023 Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server...

USN-4480-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. CVE-2020-12689, CVE-2020-12691 It was discovered that OpenStack Keystone incorrectly handled the list of...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.50 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in October 2019. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.50 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified...