7742 matches found
CVE-2024-44082
A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. Mitigation Mitigation for this issue is either not available or...
DEBIAN-CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
CVE-2024-44082
OpenStack Ironic and ironic-python-agent are affected by CVE-2024-44082 in image processing, allowing a crafted image to trigger undesired qemu-img behaviors and potentially expose data. Affected: Ironic before 26.0.1; Ironic (versions): =22.0.0 =23.1.0 =25.0.0 <26.0.1. Ironic-python-agent: =9...
CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 26.0.1 and ironic-python-agent versions prior to 9.13.1, which stems from an issue ...
CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
Debian dla-3873 : nova-api - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3873 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1 [email protected]...
Ubuntu 22.04 LTS / 24.04 LTS : OpenStack vulnerability (USN-6989-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6989-1 advisory. Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated...
Debian dla-3871 : cinder-api - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3871 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected]...
Debian dla-3870 : python-oslo.utils-doc - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3870 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3870-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3873-1] nova security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3873-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3871-1] cinder security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3871-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...
[SECURITY] [DLA 3870-1] python-oslo.utils new upstream release
------------------------------------------------------------------------- Debian LTS Advisory DLA-3870-1 [email protected] https://www.debian.org/lts/security/ Thomas Goirand September 05, 2024 https://wiki.debian.org/LTS -...
USN-6989-1: OpenStack vulnerability
Dan Smith, Julia Kreger and Jay Faulkner discovered that in image processing for Ironic, a specially crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
PT-2024-30939 · Openstack +3 · Openstack Ironic +4
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 26.0.1 Ironic-python-agent versions prior to 9.13.1 Description: The issue concerns a vulnerability in image processing, where a crafted image could be used by an authenticated user to exploit undesired...
UBUNTU-CVE-2024-44082
In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...
Sensitive Information Disclosure
openstack-heat is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the stack abandon command with the hidden feature set to True by which an attacker can disclose sensitive information...