exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2023-2088

Status Candidate

Overview

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.

Related Files

Red Hat Security Advisory 2023-4983-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4983-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security patch is an update to Red Hat Process Automation Manager 7. Issues addressed include bypass, denial of service, deserialization, and memory leak vulnerabilities.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2021-30129, CVE-2022-25857, CVE-2022-3171, CVE-2022-37599, CVE-2022-38900, CVE-2022-40152, CVE-2022-42920, CVE-2022-45047, CVE-2023-0482, CVE-2023-20860, CVE-2023-20883
SHA-256 | 6867bafdeedf9ae75c9407251eef4143953398b5310e20fefd7e1e5070726ec8
VMWare Aria Operations For Networks Remote Command Execution
Posted Jul 26, 2023
Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution
advisories | CVE-2023-20887
SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
Ubuntu Security Notice USN-6241-1
Posted Jul 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6241-1 - Jan Wasilewski and Gorka Eguileor discovered that OpenStack incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 660a72fb20d31d9e227a37eb72a70d3cbe73b618e8e1c7d54df8413161c9a724
Red Hat Security Advisory 2023-4200-01
Posted Jul 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883
SHA-256 | bc405a6019830ee64b8cccb664b61b110b2fc08ca6c32796b1b791ffae0bb212
Red Hat Security Advisory 2023-3740-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3740-01 - This release of Camel for Spring Boot 3.20.1.P1 serves as a replacement for Camel for Spring Boot 3.20.1 and includes bug fixes and enhancements, which are documented in the Release Notes linked in the References. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-20883, CVE-2023-24815
SHA-256 | 58c98dc04b54e3626d83bf209197c06eb22fe9f8e980bb6b6099f24aba62f3bd
Red Hat Security Advisory 2023-3161-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 72cea1c6c647e920f8ec7ef01c92f741fc946c646066466c8824ee13fca51b78
Red Hat Security Advisory 2023-3158-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 6e57ae4a91a8868365ef99131eca6101490a7ec5692a3ee7d16eac3a43f26f11
Red Hat Security Advisory 2023-3157-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 51398af8cbc5752b253dc1a42da9e2ddfddd025b13540ce9bbdcf0e9feace34b
Red Hat Security Advisory 2023-3156-01
Posted May 17, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-2088
SHA-256 | 170777d2aee52943c4da04b67a788dd288a3702aa893d537d6483b5ec16b79aa
Ubuntu Security Notice USN-6073-3
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-3 - Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 64d6b8ca97c40bee3fb52c32feef1e346b7ec7a01743df471bd0db8ef6e0ca50
Ubuntu Security Notice USN-6073-1
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-1 - Jan Wasilewski and Gorka Eguileor discovered that Cinder incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 78aa9e6dc2a8739b20c6a4985180e562e3eb767f1362e5a48b77a4401fc57074
Ubuntu Security Notice USN-6073-4
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-4 - Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | fcfc52044801e59ab7cedfbdacf20439e9d732e3de5b5009d4e18061a3c3abb5
Ubuntu Security Notice USN-6073-2
Posted May 12, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6073-2 - Jan Wasilewski and Gorka Eguileor discovered that Glance_store incorrectly handled deleted volume attachments. An authenticated user or attacker could possibly use this issue to gain access to sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2088
SHA-256 | 40223c0e7c0e87e86682d99d6d0362c520fc682b4649693c235d53289b4ac951
Page 1 of 1
Back1Next

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    8 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    17 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close