exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2023-2088

Status Candidate

Overview

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Related Files

VMWare Aria Operations For Networks Command Injection
Posted Jul 8, 2024
Authored by Sina Kheirkhah | Site summoning.team

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This is a proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2023-20887
SHA-256 | c714227bbfea1d4fec4126f79c54dfdd4ec91c95a6e8c0ffc7b795b17b7901ee
Red Hat Security Advisory 2023-4983-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4983-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include bypass, denial of service, deserialization, and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-30129, CVE-2022-25857, CVE-2022-3171, CVE-2022-37599, CVE-2022-38900, CVE-2022-40152, CVE-2022-42920, CVE-2022-45047, CVE-2023-0482, CVE-2023-20860, CVE-2023-20883
SHA-256 | 6867bafdeedf9ae75c9407251eef4143953398b5310e20fefd7e1e5070726ec8
VMWare Aria Operations For Networks Remote Command Execution
Posted Jul 26, 2023
Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-20887
SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
Ubuntu Security Notice USN-6241-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 660a72fb20d31d9e227a37eb72a70d3cbe73b618e8e1c7d54df8413161c9a724
Red Hat Security Advisory 2023-4200-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883
SHA-256 | bc405a6019830ee64b8cccb664b61b110b2fc08ca6c32796b1b791ffae0bb212
Red Hat Security Advisory 2023-3740-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883, CVE-2023-24815
SHA-256 | 58c98dc04b54e3626d83bf209197c06eb22fe9f8e980bb6b6099f24aba62f3bd
Red Hat Security Advisory 2023-3161-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 72cea1c6c647e920f8ec7ef01c92f741fc946c646066466c8824ee13fca51b78
Red Hat Security Advisory 2023-3158-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 6e57ae4a91a8868365ef99131eca6101490a7ec5692a3ee7d16eac3a43f26f11
Red Hat Security Advisory 2023-3157-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 51398af8cbc5752b253dc1a42da9e2ddfddd025b13540ce9bbdcf0e9feace34b
Red Hat Security Advisory 2023-3156-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 170777d2aee52943c4da04b67a788dd288a3702aa893d537d6483b5ec16b79aa
Ubuntu Security Notice USN-6073-3
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 64d6b8ca97c40bee3fb52c32feef1e346b7ec7a01743df471bd0db8ef6e0ca50
Ubuntu Security Notice USN-6073-1
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 78aa9e6dc2a8739b20c6a4985180e562e3eb767f1362e5a48b77a4401fc57074
Ubuntu Security Notice USN-6073-4
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | fcfc52044801e59ab7cedfbdacf20439e9d732e3de5b5009d4e18061a3c3abb5
Ubuntu Security Notice USN-6073-2
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 40223c0e7c0e87e86682d99d6d0362c520fc682b4649693c235d53289b4ac951
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    35 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close