SUSE CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images...

SUSE CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

SUSE CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

SUSE CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnictype, creating an instance bound to that port, and then changing the vnictype of the bound port to macvtap, an authenticated user may cause the compu...

SUSE CVE-2022-44020

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."...

SUSE CVE-2022-47950

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

The vulnerability of the Openstack Cinder block storage service lies in its reliance on files and directories accessible from external parties, allowing an attacker to expose protected information.

The vulnerability of the Openstack Cinder block storage service is related to the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

SUSE: Security Advisory (SUSE-SU-2023:0031-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Nova vulnerabilities (USN-5866-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5866-1 advisory. It was discovered that Nova did not properly manage data logged into the log file. An attacker with read access to the service's...

Ubuntu: Security Advisory (USN-5852-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5852-1 swift vulnerability

It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain arbitrary file contents containing sensitive information from the server...

USN-5852-1: OpenStack Swift vulnerability

It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain arbitrary file contents containing sensitive information from the server...

USN-5835-5: Nova vulnerability

USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker cou...

USN-5835-4: Cinder vulnerability

USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS. Original advisory details: Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectl...

Ubuntu 18.04 LTS : Nova vulnerability (USN-5835-5)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5835-5 advisory. USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Tenable has extracted the preceding description blo...

Ubuntu 20.04 LTS / 22.04 LTS : OpenStack Swift vulnerability (USN-5852-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5852-1 advisory. It was discovered that OpenStack Swift incorrectly handled certain XML files. A remote authenticated user could possibly use this issue to obtain...

Ubuntu 18.04 LTS / 20.04 LTS : Cinder vulnerability (USN-5835-4)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5835-4 advisory. USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed f...

SUSE: Security Advisory (SUSE-SU-2023:0282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0309-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...