7754 matches found
UBUNTU-CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
OpenStack barbican security vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). barbican is an OpenStack key management service, API server. A security vulnerability exists in OpenStack barbican that stems from an issue in the component that allows access policies to b...
CVE-2022-3277
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
SUSE-SU-2022:3338-1 Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
This update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma fixes the following issues: Security updates included in this update: ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates,...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-django20) (RHSA-2021:3490)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3490 advisory. Security Fixes: Potential directory-traversal via archive.extract (CVE-2021-3281); Potential directory traversal via admindocs (CVE-2021-33203)...
RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-neutron) (RHSA-2021:3488)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3488 advisory. Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers,...
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2021:3487)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3487 advisory. A highly-available key value store for shared configuration. Security Fixes: net/http: panic in ReadRequest and ReadResponse when reading a...
RHEL 7 : Red Hat OpenStack Platform 13.0 (openstack-neutron) (RHSA-2021:3503)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3503 advisory. Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers,...
RHEL 7 : Red Hat OpenStack Platform 10.0 (openstack-neutron) (RHSA-2021:3502)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3502 advisory. Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers,...
RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-neutron) (RHSA-2021:3481)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3481 advisory. Neutron is a virtual network service for OpenStack, and a part of Netstack. Just like OpenStack Nova provides an API to dynamically request and...
SUSE: Security Advisory (SUSE-SU-2022:3269-1)
The remote host is missing an update for the...
[SECURITY] [DLA 3106-1] python-oslo.utils security update
Debian LTS Advisory DLA-3106-1. https://www.debian.org/lts/security/ Chris Lamb, September 13, 2022. https://wiki.debian.org/LTS ...
CVE-2022-3101
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of...
SUSE: Security Advisory (SUSE-SU-2022:3193-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3160-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2022:3139-1)
The remote host is missing an update for the...
CVE-2022-3146
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...
Barbican authorization flaw before v14.0.0
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...
CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...