barbican Authorization Issue Vulnerability
barbican is an OpenStack key management service, API server. An authorization issue vulnerability exists in barbican due to a lack of authorization checks. A remote user with the administrator role could add secrets to different project containers. The vulnerability allows an attacker on a networ...
SUSE: Security Advisory (SUSE-SU-2022:1308-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-VCMV-6RXX-FH7R OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via HTTP or tools that allow man-in-the-middle over HTTPS could allow an attacker to easily obtain the EC2_SECRET_KEY. A...
OpenStack Nova Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via HTTP or tools that allow man-in-the-middle over HTTPS could allow an attacker to easily obtain the EC2_SECRET_KEY. A...
GHSA-HQFX-4X4W-VMWP Openstack nova qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...
Openstack nova qcow format could expose host filesystem information
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
SUSE: Security Advisory (SUSE-SU-2022:1275-1)
The remote host is missing an update for the...
Open Redirection
openstack-nova is vulnerable to open redirection. The attack is possible because a victim could be made to redirect to any desired URL...
Denial Of Service (DoS)
openstack-neutron is vulnerable to denial of service. The vulnerability exists in openstack-neutron because an API worker consumes increasing amounts of memory, resulting in API performance degradation which allows an authenticated attacker to make API requests involving nonexistent controllers...
SUSE: Security Advisory (SUSE-SU-2022:1160-1)
The remote host is missing an update for the...
RHEL 7 : Red Hat OpenStack Platform 13.0 (python-waitress) (RHSA-2022:1264)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1264 advisory. Pure-python WSGI server. Security Fixes: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761). For more details about t...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 (python-waitress) security update
An update for python-waitress is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (python-waitress) security update
An update for python-waitress is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-waitress) security update
An update for python-waitress is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat OpenStack Platform 16.1 (python-waitress) (RHSA-2022:1254)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1254 advisory. Pure-python WSGI server. Security Fixes: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761). For more details about t...
RHEL 8 : Red Hat OpenStack Platform 16.2 (python-waitress) (RHSA-2022:1253)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1253 advisory. Pure-python WSGI server. Security Fixes: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CVE-2022-24761). For more details about t...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
Design/Logic Flaw
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...