Lucene search
K

137 matches found

OSV
OSV
added 2022/05/17 1:47 a.m.3 views

GHSA-J772-HPMW-32RM OpenStack Horizon Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

4.3CVSS5.5AI score0.02415EPSS
Exploits0References12
OSV
OSV
added 2022/05/14 3:53 a.m.11 views

GHSA-47VP-44V9-RHGQ OpenStack Horizon Cross-site Scripting (XSS)

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...

4.8CVSS4.8AI score0.01054EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.8 views

The vulnerability of the “next” parameter in the user interface of OpenStack Horizon services arises from the lack of a mechanism for controlling redirection to malicious websites. This allows attackers to access confidential data and compromise its integrity.

The vulnerability of the “next” parameter in the user interface of OpenStack Horizon is related to the lack of checks for this parameter. Exploiting this vulnerability can allow an attacker, operating remotely, to access confidential data and compromise its integrity...

6.1CVSS6.3AI score0.014EPSS
Exploits1References6Affected Software2
OpenVAS
OpenVAS
added 2021/01/11 12:0 a.m.14 views

Ubuntu: Security Advisory (USN-4675-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.014EPSS
Exploits1References2
OSV
OSV
added 2021/01/05 1:20 p.m.2 views

USN-4675-1 horizon vulnerability

Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL...

6.1CVSS6.4AI score0.014EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/01/05 1:20 p.m.104 views

USN-4675-1: OpenStack Horizon vulnerability

Pritam Singh discovered that OpenStack Horizon incorrectly validated certain parameters. An attacker could possibly use this issue to cause OpenStack Horizon to redirect to a malicious URL...

6.1CVSS6.2AI score0.014EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/12/29 12:0 a.m.10 views

Debian: Security Advisory (DSA-4820-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.4AI score0.014EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/12/29 12:0 a.m.28 views

Debian DSA-4820-1 : horizon - security update

Pritam Singh discovered an open redirect in the workflow forms of OpenStack Horizon. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4820. The text itself is copyright C Software in the Public Interest, Inc...

6.1CVSS6AI score0.014EPSS
Exploits1References5
Debian
Debian
added 2020/12/27 6:20 p.m.61 views

[SECURITY] [DSA 4820-1] horizon security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4820-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2020 https://www.debian.org/security/faq -...

6.1CVSS6.1AI score0.014EPSS
Exploits1
OSV
OSV
added 2020/12/04 8:15 a.m.1 views

DEBIAN-CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS6.1AI score0.014EPSS
Exploits1References1
PyPA
PyPA
added 2020/12/04 8:15 a.m.7 views

PYSEC-2020-45

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS6.9AI score0.014EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2020/12/04 8:15 a.m.5 views

UBUNTU-CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS6.4AI score0.014EPSS
Exploits1References6
Prion
Prion
added 2020/12/04 8:15 a.m.17 views

Design/Logic Flaw

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

5.8CVSS6AI score0.014EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2020/12/04 8:15 a.m.22 views

PYSEC-2020-45

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS2AI score0.014EPSS
Exploits1References7
Cvelist
Cvelist
added 2020/12/04 7:6 a.m.37 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6AI score0.014EPSS
Exploits1References6
CNNVD
CNNVD
added 2020/12/04 12:0 a.m.7 views

OpenStack Horizon Input Validation Error Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. A security vulnerability exists in OpenStack Horizon versions 15.3.2,16 before, which stems from a lack of validation of the...

6.1CVSS6.4AI score0.014EPSS
Exploits1References13
OSV
OSV
added 2020/03/11 11:30 a.m.2 views

SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift

This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova,...

9.3CVSS7.5AI score0.07836EPSS
Exploits1References39
OSV
OSV
added 2020/01/13 9:38 a.m.13 views

SUSE-SU-2020:0081-1 Security update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client

This update for crowbar-core, crowbar-openstack, openstack-horizon-plugin-monasca-ui, openstack-monasca-api, openstack-monasca-log-api, openstack-neutron, rubygem-puma, rubygem-rest-client contains the following fixes: Security issue fixed for rubygem-puma: - CVE-2019-16770: Fixed a potential...

7.5CVSS6.2AI score0.06457EPSS
Exploits0References12
OSV
OSV
added 2019/03/22 3:10 p.m.9 views

SUSE-SU-2019:0716-1 Security update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas

This update for openstack-cinder, openstack-horizon-plugin-designate-ui, openstack-neutron, openstack-neutron-lbaas fixes the following issues: Security vulnerabity fixed in openstack-cinder: - CVE-2017-15139: Fixed a leakage of sensitive information between tenants in certain storage volume...

7.5CVSS7.4AI score0.01244EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2017/10/12 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-3447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4CVSS5.5AI score0.02068EPSS
Exploits0References2
Rows per page
Query Builder