7712 matches found
UBUNTU-CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
CVE-2026-28370
OpenStack Vitrage suffers a remote code execution risk in the query parser. In versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user with API access can trigger code execution on the Vitrage service host as the service user through the _create_query_function path in vitrage/graph/query.py....
PT-2026-22298
Name of the Vulnerable Software and Affected Versions OpenStack Vitrage versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0 Description A critical security issue exists in OpenStack Vitrage's query parser. An authenticated user with access to the Vitrage API can trigger code execution on the...
OpenStack Vitrage 安全漏洞
OpenStack Vitrage is an analysis engine developed under the open-source OpenStack framework. Vulnerabilities exist in versions of OpenStack Vitrage prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0. These vulnerabilities stem from defects in the query parser, which may lead to code execution...
CVE-2026-28370
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 director Operator container images
Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 Train for RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
OpenStack Nova calls qemu-img without format restrictions for resize
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...
CVE-2026-24708
CVE-2026-24708 affects OpenStack Nova (Flat image backend), where an attacker could cause unsafe image resize by writing a malicious QCOW header to a root or ephemeral disk, triggering qemu-img without a format restriction. Affected: Nova releases before 30.2.2, 31 before 31.2.1, and 32 before 32...
OpenStack Nova 安全漏洞
OpenStack Nova is a core computing service component of the OpenStack open-source framework. Versions of OpenStack Nova prior to 30.2.2, 31.2.1, and 32.1.1 have security vulnerabilities. These vulnerabilities stem from the Flat image backend’s failure to apply format restrictions when processing...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...