7812 matches found

OpenVAS
added 2021/04/19 12:0 a.m., 24 views

SUSE: Security Advisory (SUSE-SU-2021:0479-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only

7.8 CVSS, 7.8 AI score, 0.08026 EPSS
Exploits: 0, References: 4

OpenVAS
added 2021/04/19 12:0 a.m., 12 views

SUSE: Security Advisory (SUSE-SU-2020:0079-2)

The remote host is missing an update for the...

4 CVSS, 4.5 AI score, 0.00301 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2021/03/30 9:50 a.m., 81 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8 CVSS, 6.5 AI score, 0.01129 EPSS
Exploits: 2, References: 3

BDU FSTEC
added 2021/03/30 12:0 a.m., 6 views

The vulnerability of the “next” parameter in the user interface of OpenStack Horizon services arises from the lack of a mechanism for controlling redirection to malicious websites. This allows attackers to access confidential data and compromise its integrity.

The vulnerability of the “next” parameter in the user interface of OpenStack Horizon is related to the lack of checks for this parameter. Exploiting this vulnerability can allow an attacker, operating remotely, to access confidential data and compromise its integrity...

6.1 CVSS, 6.3 AI score, 0.014 EPSS
Exploits: 1, References: 6, Affected Software: 2

RedhatCVE
added 2021/03/20 8:50 p.m., 25 views

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...

5.9 CVSS, 1.2 AI score, 0.01847 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2021/03/17 3:8 p.m., 79 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.4 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

7.7 CVSS, 6.8 AI score, 0.01636 EPSS
Exploits: 0, References: 7

RedHat Linux
added 2021/03/17 3:7 p.m., 68 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.4 (python-django) security update

An update for python-django is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

5.9 CVSS, 6.7 AI score, 0.06041 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2021/03/17 12:0 a.m., 44 views

RHEL 8 : Red Hat OpenStack Platform 16.1.4 (etcd) (RHSA-2021:0916)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0916 advisory. A highly-available key value store for shared configuration. Security Fixes: large slice causes panic in decodeRecord method CVE-2020-15106...

7.7 CVSS, 7.1 AI score, 0.01636 EPSS
Exploits: 0, References: 15

Tenable Nessus
added 2021/03/17 12:0 a.m., 36 views

RHEL 8 : Red Hat OpenStack Platform 16.1.4 (python-django) (RHSA-2021:0915)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0915 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

5.9 CVSS, 7 AI score, 0.06041 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2021/03/05 1:44 a.m., 43 views

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some...

7.1 CVSS, 7.1 AI score, 0.01015 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2021/02/15 6:34 p.m., 77 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

5.6 CVSS, 0.2 AI score, 0.00735 EPSS
Exploits: 0, References: 3

OSV
added 2021/02/09 12:22 p.m., 14 views

SUSE-RU-2021:0351-1 Recommended update for ardana-horizon, ardana-logging, ardana-monasca, ardana-mq, ardana-osconfig, crowbar-ha, crowbar-openstack, kibana, openstack-neutron, openstack-nova, python-Django, release-notes-suse-openstack-cloud, sleshammer, spark

This update for ardana-horizon, ardana-logging, ardana-monasca, ardana-mq, ardana-osconfig, crowbar-ha, crowbar-openstack, kibana, openstack-neutron, openstack-nova, python-Django, release-notes-suse-openstack-cloud, sleshammer, spark fixes the following issues: Security fix from this update:...

6.5 CVSS, 5.9 AI score, 0.07605 EPSS
Exploits: 1, References: 11

RedHat Linux
added 2021/02/02 12:16 p.m., 211 views

Moderate: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.2 CVSS, 6.5 AI score, 0.01347 EPSS
Exploits: 1, References: 5

OpenVAS
added 2021/02/02 12:0 a.m., 22 views

Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2021-1136)

The remote host is missing an update for the Huawei EulerOS...

7.1 CVSS, 6.9 AI score, 0.01627 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2021/02/01 12:0 a.m., 34 views

EulerOS 2.0 SP8 : ceph (EulerOS-SA-2021-1136)

According to the versions of the ceph packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Ope...

7.1 CVSS, 7 AI score, 0.01627 EPSS
Exploits: 0, References: 3

OpenVAS
added 2021/01/28 12:0 a.m., 24 views

Huawei FusionSphere OpenStack Detection (SSH Login)

SSH login-based detection of Huawei FusionSphere OpenStack. This VT has been deprecated and is therefore no longer functional...

7.4 AI score
Exploits: 0

OpenVAS
added 2021/01/28 12:0 a.m., 15 views

Huawei FusionSphere OpenStack Detection Consolidation

Consolidation of Huawei FusionSphere OpenStack detections. This VT has been deprecated and is therefore no longer functional...

7.4 AI score
Exploits: 0

Veracode
added 2021/01/14 4:52 a.m., 25 views

Privilege Escalation

ceph is vulnerable to privilege escalation. The vulnerability exists as user credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila...

7.1 CVSS, 4.4 AI score, 0.0031 EPSS
Exploits: 0, References: 7, Affected Software: 12

OSV
added 2021/01/12 6:47 p.m., 7 views

SUSE-SU-2021:0099-1 Security update for openstack-dashboard, release-notes-suse-openstack-cloud

This update for openstack-dashboard, release-notes-suse-openstack-cloud fixes the following issues: - Fix open redirect OSSA-2020-008, CVE-2020-29565 - Fix horizon-nodejs jobs. - Add workaround for secure boot issue when shim package is updated. bsc1179955...

6.1 CVSS, 6.2 AI score, 0.014 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2021/01/12 2:58 p.m., 0 views

ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1 CVSS, 7.2 AI score, 0.0031 EPSS
Exploits: 0, References: 4