Linux Distros Unpatched Vulnerability : CVE-2020-12689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can...

Linux Distros Unpatched Vulnerability : CVE-2023-3637

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an...

Linux Distros Unpatched Vulnerability : CVE-2016-9590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage...

Linux Distros Unpatched Vulnerability : CVE-2017-15139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to...

Linux Distros Unpatched Vulnerability : CVE-2019-3895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause...

MAL-2025-22974 Malicious code in idig-openstack (npm)

The package idig-openstack was found to contain malicious code...

Malicious code in idig-openstack (npm)

The package idig-openstack was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2016-4972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient...

Linux Distros Unpatched Vulnerability : CVE-2014-7230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain...

Linux Distros Unpatched Vulnerability : CVE-2018-16856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and...

Linux Distros Unpatched Vulnerability : CVE-2020-27781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila...

Fedora 41 : cloud-init (2025-58f05c43ae)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58f05c43ae advisory. Backport fixes for CVE-2024-6174 and CVE-2024-11584 - cloud-init included the systemd socket unit cloud-init-hotplugd.socket with default SocketMode...

USN-7677-1: cloud-init vulnerabilities

Harry Sintonen discovered that the hotplugd socket in cloud-init was world writable. An attacker could possibly use this issue to send hotplug-hook commands. CVE-2024-11584 It was discovered that cloud-init granted root access to a hardcoded URL with a local IP address when a non-x86 platform is...

Security Bulletin: Improper Authorization in OpenStack Neutron Tagging Allows Unauthorized Network Tag Modification

Summary In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to th...

SUSE-SU-2025:20429-1 Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...

TencentOS Server 4: openstack-neutron (TSSA-2024:1085)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1085 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-keystone (TSSA-2025:0054)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0054 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-heat (TSSA-2024:0810)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0810 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: openstack-neutron (TSSA-2024:1052)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1052 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: python-openstackclient (TSSA-2024:1090)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1090 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...