7712 matches found
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
CVE-2026-34881
OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...
CVE-2026-34881
OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...
OpenStack Glance 安全漏洞
OpenStack Glance is an open-source service for storing and managing virtual machine images within OpenStack. Vulnerabilities exist in versions of OpenStack Glance prior to 29.1.1, as well as versions from 30.0.0 to 30.1.1 and 31.0.0. These vulnerabilities stem from URL validation checks that can ...
Linux Distros Unpatched Vulnerability : CVE-2026-34881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user...
Keystone 安全漏洞
Keystone is a powerful CMS developed under OpenStack. It helps you build and expand faster than any other CMS or application framework. Versions of Keystone prior to 6.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the findMany query, where the access control mechanism...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images
Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 Wallaby for RHEL 9.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
Ubuntu: Security Advisory (USN-8111-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenStack Glance vulnerability (USN-8111-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8111-1 advisory. It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or...
USN-8111-1: OpenStack Glance vulnerability
It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or importing images from a remote source. An attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information...
USN-8111-1 glance vulnerability
It was discovered that OpenStack Glance was incorrectly validating the IP addresses and the redirect destination URL when downloading or importing images from a remote source. An attacker could possibly use this issue to perform server-side request forgery and obtain sensitive information...
Important: Red Hat Security Advisory: Release of containers for RHOSO 18.0.17 security update
Red Hat OpenStack Services on OpenShift RHOSO 18.0.17 containers are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
📄 OpenStack Remote Code Execution
A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0.The issue resides in the createqueryfunction method...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
GHSA-8XWF-CR4R-856R OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
EUVD-2026-8999
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...