MAL-2025-22974 Malicious code in idig-openstack (npm)

The package idig-openstack was found to contain malicious code...

Malicious code in idig-openstack (npm)

The package idig-openstack was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2016-4972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient...

Linux Distros Unpatched Vulnerability : CVE-2014-7230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain...

Linux Distros Unpatched Vulnerability : CVE-2018-16856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and...

Linux Distros Unpatched Vulnerability : CVE-2020-27781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila...

Fedora 41 : cloud-init (2025-58f05c43ae)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58f05c43ae advisory. Backport fixes for CVE-2024-6174 and CVE-2024-11584 - cloud-init included the systemd socket unit cloud-init-hotplugd.socket with default SocketMode...

USN-7677-1: cloud-init vulnerabilities

Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. CVE-2024-11584 It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...

Security Bulletin: Improper Authorization in OpenStack Neutron Tagging Allows Unauthorized Network Tag Modification

Summary In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to th...

SUSE-SU-2025:20429-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...

TencentOS Server 4: openstack-keystone (TSSA-2025:0054)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0054 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-neutron (TSSA-2024:1085)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1085 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-heat (TSSA-2024:0810)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0810 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-neutron (TSSA-2024:1052)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1052 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: python-openstackclient (TSSA-2024:1090)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1090 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2024-28717

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

CVE-2024-28716

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

CVE-2022-36911

A cross-site request forgery CSRF vulnerability in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2022-36912

A missing permission check in Jenkins Openstack Heat Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2021-38155

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...