Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the use of HTTP redirects. An attacker can access internal services by leveraging HTTP redirects to bypass URL validation checks. This is only exploitable if the web-download, glance-download impo...

GHSA-MC26-Q38V-83GV OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

EUVD-2026-17323

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

OpenStack Glance is affected by Server-Side Request Forgery (SSRF)

OpenStack Glance versions = 30.0.0 30.1.1, == 31.0.0 are affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only the glance image import functionality is affected. In particular, the...

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

UBUNTU-CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

CVE-2026-34881

OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, th...

CVE-2026-34881

OpenStack Glance =30.0.0 30.1.1, ==31.0.0 is affected by Server-Side Request Forgery SSRF. By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and...

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

CVE-2019-16406

Centreon Web 19.04.4 has weak permissions within the OVA aka VMware virtual machine and OVF aka VirtualBox virtual machine files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron...

EUVD-2020-5132

Malware in sbrugna...

EUVD-2019-15107

Malware in sbrugna...

EUVD-2019-15109

Malware in sbrugna...

EUVD-2025-12329

Malicious code in bioql PyPI...

CVE-2019-5532

VMware vCenter Server 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter...

CVE-2019-5534

VMware vCenter Server 6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j contains an information disclosure vulnerability where Virtual Machines deployed from an OVF could expose login information via the virtual machine's vAppConfig properties. A malicious actor with access to...

After importing of an OVF package from a VMware environment Virtual Machine Fails to Boot with STOP 7B or 'Device Does Not Exist'

After importing of an OVF package from a VMware environment, a Windows virtual machine fails with a STOP 0x0000007B error, or a Linux virtual machine does not boot because a device /dev/sda1 for example does not exist. On a Windows virtual machine a STOP 0x0000007B error occurs. On a Linux virtua...

How to Import OVF Package to XenServer

This article describes how to import OVF package into XenServer. You can use the Citrix® XenServer Conversion Manager to convert hundreds of virtual machines to XenServer. It saves time and storage by converting a virtual machine directly to XenServer unattended.You can also create a virtual...

Security update for virtualbox (important)

openSUSE Security Update: Security update for virtualbox Announcement ID: openSUSE-SU-2022:10152-1 Rating: important References: 1201720 1203086 1203306 1203370 1203735 1204019 Cross-References: CVE-2022-21554 CVE-2022-21571 CVSS scores: CVE-2022-21554 NVD : 4.4...