10 results (0.010 seconds)

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2024-32498 – OpenStack: malicious qcow2/vmdk images

https://notcve.org/view.php?id=CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected. Se descubrió un problema en OpenStack Cinder hasta 24.0.0, Glance antes de 28.0.2 y Nova antes de 29.0.3. • https://launchpad.net/bugs/2059809 https://www.openwall.com/lists/oss-security/2024/07/02/2 https://access.redhat.com/security/cve/CVE-2024-32498 https://bugzilla.redhat.com/show_bug.cgi?id=2278663 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 96%CPEs: 79EXPL: 1

CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

https://notcve.org/view.php?id=CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust. • http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html http://seclists.org/fulldisclosure/2024/Mar/21 http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8 https://access.redhat.com/security/cve/cve-2023-48 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •

CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-47951 – openstack: Arbitrary file access through custom VMDK flat descriptor

https://notcve.org/view.php?id=CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. Se descubrió un problema en OpenStack Cinder antes de 19.1.2, 20.x antes de 20.0.2 y 21.0.0; Vistazo antes de 23.0.1, 24.x antes de 24.1.1 y 25.0.0; y Nova antes de 24.1.2, 25.x antes de 25.0.2 y 26.0.0. Al proporcionar una imagen plana VMDK especialmente creada que hace referencia a una ruta de archivo de respaldo específica, un usuario autenticado puede convencer a los sistemas para que devuelvan una copia del contenido de ese archivo desde el servidor, lo que resulta en un acceso no autorizado a datos potencialmente confidenciales. A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. • https://launchpad.net/bugs/1996188 https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html https://security.openstack.org/ossa/OSSA-2023-002.html https://www.debian.org/security/2023/dsa-5336 https://www.debian.org/security/2023/dsa-5337 https://www.debian.org/security/2023/dsa-5338 https://access.redhat.com/security/cve/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2022-37394 – openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap

https://notcve.org/view.php?id=CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. Se ha detectado un problema en OpenStack Nova versiones anteriores a 23.2.2, 24.x anteriores a 24.1.2 y 25.x anteriores a 25.0.2. Al crear un puerto de neutrones con el vnic_type directo, crear una instancia vinculada a ese puerto y luego cambiar el vnic_type del puerto vinculado a macvtap, un usuario autenticado puede causar que el servicio de computación no sea reiniciado, resultando en una posible denegación de servicio. • https://bugs.launchpad.net/ossa/+bug/1981813 https://review.opendev.org/c/openstack/nova/+/849985 https://review.opendev.org/c/openstack/nova/+/850003 https://access.redhat.com/security/cve/CVE-2022-37394 https://bugzilla.redhat.com/show_bug.cgi?id=2117333 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.1EPSS: 92%CPEs: 5EXPL: 1

CVE-2021-3654 – openstack-nova: novnc allows open redirection

https://notcve.org/view.php?id=CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. Se ha encontrado una vulnerabilidad en el proxy de consola de openstack-nova, noVNC. Mediante el diseño de una URL maliciosa, noVNC puede ser redirigido a cualquier URL deseada A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. • https://bugs.launchpad.net/nova/+bug/1927677 https://bugs.python.org/issue32084 https://bugzilla.redhat.com/show_bug.cgi?id=1961439 https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb https://security.gentoo.org/glsa/202305-02 https://security.openstack.org/ossa/OSSA-2021-002.html https://www.openwall.com/lists/oss-security/2021/07/29/2 https://access.redhat.com/security/cve/CVE-2021- • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •