7716 matches found
CVE-2020-9225
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege...
CVE-2020-9079
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product...
RHSA-2025:7536 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-h11) security update
Bulletin has no description...
RHSA-2025:7535 Red Hat Security Advisory: Red Hat OpenStack Platform 18.0 (python-h11) security update
Bulletin has no description...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-h11) security update
An update for python-h11 is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 18.0 (python-h11) security update
An update for python-h11 is now available for Red Hat OpenStack Platform 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : Red Hat OpenStack Platform 18.0 (python-h11) (RHSA-2025:7535)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7535 advisory. Security Fixes: h11 accepts some malformed Chunked-Encoding bodies CVE-2025-43859 For more details about the security issues, including the impact, a...
RHEL 9 : Red Hat OpenStack Platform 17.1 (python-h11) (RHSA-2025:7536)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7536 advisory. Security Fixes: h11 accepts some malformed Chunked-Encoding bodies CVE-2025-43859 For more details about the security issues, including the impact, a...
GHSA-Q3M2-CRGQ-5P3Q OpenStack Ironic fails to restrict paths used for file:// image URLs
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
OpenStack Ironic fails to restrict paths used for file:// image URLs
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
PYSEC-2025-38
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
PYSEC-2025-38
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
DEBIAN-CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
UBUNTU-CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
PT-2025-20397 · Openstack +1 · Openstack Ironic +1
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 24.1.3 OpenStack Ironic versions prior to 26.1.1 OpenStack Ironic versions prior to 29.0.1 Description: The issue allows a malicious project assigned as a node owner to provide a path to any local file...
CVE-2025-44021
OpenStack Ironic prior to 29.0.1 is vulnerable to a local-file write during image handling when a deployment is performed via the API. A malicious project assigned as a node owner can supply a path to a local file (readable by ironic-conductor), which may then be written to the target node’s disk...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic versions prior to 29.0.1, which stems from an unexpected file that may be written to the target node...