RHEL 7 : openstack-nova (RHSA-2019:2622)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2622 advisory. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...

RHEL 7 : openstack-keystone (RHSA-2018:2543)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2543 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The...

RHEL 7 : openstack-ceilometer (RHSA-2019:0580)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0580 advisory. OpenStack Telemetry ceilometer collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for da...

Important: Red Hat Security Advisory: Service Telemetry Framework 1.5.4 security update

An update is now available for Service Telemetry Framework 1.5.4 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 6 : openstack-keystone (RHSA-2014:0368)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0368 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activitie...

RHEL 6 : openstack-cinder (RHSA-2014:1787)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1787 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend...

RHEL 7 : openstack-swift (RHSA-2015:1681)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1681 advisory. OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The...

RHEL 6 : openstack-neutron (RHSA-2014:1339)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1339 advisory. OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main functi...

RHEL 7 : openstack-swift (RHSA-2014:0941)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0941 advisory. OpenStack Object Storage Swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. It was...

RHEL 7 : openstack-trove (RHSA-2014:1939)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1939 advisory. OpenStack Database trove is Database as a Service for Openstack. It runs entirely on OpenStack, with the goal of allowing users to quickly a...

RHEL 6 / 7 : openstack-neutron (RHSA-2015:1909)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1909 advisory. OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main...

Time-of-check Time-of-use (TOCTOU) Attack

OpenStack Storlets is vulnerable to Time-of-check Time-of-use TOCTOU Attack. The vulnerability is caused due to a lack of strict permission checks and restriction, leading to improper permission settings on file creation. This allows an attacker to gain unauthorized access to or modify sensitive...

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2023:3445)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3445 advisory. A highly-available key value store for shared configuration Security Fixes: Information discosure via debug function CVE-2021-28235...

RHEL 9 : Red Hat OpenStack Platform 17.1.1 (RHSA-2023:5969)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5969 advisory. The etcd packages provide a highly available key-value store for shared configuration. Security Fixes: golang: net/http, x/net/http2: rapid...

OpenStack Storlets arbitrary code execution vulnerability

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

GHSA-RFM2-F94J-QHJP OpenStack Storlets arbitrary code execution vulnerability

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

CVE-2024-28717

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update

An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...