Lucene search

7820 matches found

Prion
added 2019/10/08 6:15 p.m. | 13 views

Design/Logic Flaw

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

CVSS 6.4 | AI score 9.2 | EPSS 0.02296
Exploits: 0 | References: 12 | Affected Software: 2

Cvelist
added 2019/10/08 5:14 p.m. | 23 views

CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

AI score 9.4 | EPSS 0.02296
Exploits: 0 | References: 12

CVE
added 2019/10/08 5:14 p.m. | 85 views

CVE-2019-17134

CVE-2019-17134 affects OpenStack Octavia amphora-agent: vulnerable in Octavia releases 0.10.0–2.1.2, 3.0.0–3.2.0, and 4.0.0–4.1.0, where the gunicorn cert_reqs option is misconfigured (True instead of ssl.CERT_REQUIRED), allowing anyone with access to the management network to bypass client-certi...

CVSS 9.1 | AI score 9.2 | EPSS 0.02296
Exploits: 0 | References: 12 | Affected Software: 1

Debian CVE
added 2019/10/08 5:14 p.m. | 23 views

CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

CVSS 9.1 | AI score 8.1 | EPSS 0.02296
Exploits: 0

UbuntuCve
added 2019/10/08 12:0 a.m. | 18 views

CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

CVSS 9.1 | AI score 6.8 | EPSS 0.02296
Exploits: 0 | References: 2

RedhatCVE
added 2019/10/06 3:17 p.m. | 22 views

CVE-2016-9185

An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...

CVSS 4 | AI score 1.1 | EPSS 0.01508
Exploits: 0 | References: 1

RedhatCVE
added 2019/10/04 11:19 p.m. | 21 views

CVE-2011-4076

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

CVSS 5.9 | AI score 7 | EPSS 0.01446
Exploits: 1 | References: 3

OSV
added 2019/10/04 12:41 p.m. | 4 views

SUSE-SU-2019:2562-1 Security update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, grafana, novnc, openstack-cinder, openstack-dashboard, openstack-designate, openstack-glance, openstack-heat, openstack-horizon-plugin-heat-ui, openstack-horizon-plugin-monasca-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-manila, openstack-neutron, openstack-neutron-gbp, openstack-nova, openstack-octavia, openstack-sahara, openstack-tempest, openstack-watcher, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-urllib3, rubygem-easy_diff

This update for ansible1, ardana-ansible, ardana-cluster, ardana-db, ardana-extensions-nsx, ardana-glance, ardana-input-model, ardana-installer-ui, ardana-manila, ardana-monasca, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-tls,...

AI score 8
Exploits: 0 | References: 78

Symantec
added 2019/10/01 12:0 a.m. | 168 views

Apache MINA CVE-2019-0231 Information Disclosure Vulnerability

Description Apache MINA is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Technologies Affected Apache MINA 1.0 Apache MINA 2.0.20 Apache MINA 2.1.0 Redhat Gluster Storage 3.0 Redhat...

AI score 1.3 | EPSS 0.02201
Exploits: 0 | References: 2 | Affected Software: 4

Tenable Nessus
added 2019/09/25 12:0 a.m. | 23 views

SUSE SLES12 Security Update : dovecot22 (SUSE-SU-2019:2454-1)

This update for dovecot22 fixes the following issues : CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers bsc1145559. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenabl...

CVSS 9.8 | AI score 8.8 | EPSS 0.62324
Exploits: 1 | References: 4

OSV
added 2019/09/18 3:25 p.m. | 13 views

SUSE-SU-2019:2267-1 Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar

This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum,...

CVSS 9.8 | AI score 8.3 | EPSS 0.05372
Exploits: 6 | References: 80

RedHat Linux
added 2019/09/04 12:14 p.m. | 32 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

An update for openstack-nova is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.6 | EPSS 0.01927
Exploits: 0 | References: 3

RedHat Linux
added 2019/09/04 12:14 p.m. | 0 views

openstack-nova: Nova server resource faults leak external exception details

A vulnerability was found in the Nova Compute resource fault handling. The Nova Compute service might leak configuration information or other sensitive information because of a failed API request. To trigger this vulnerability, the API request needs to fail due to an external exception. The abili...

CVSS 6.5 | AI score 5.7 | EPSS 0.01927
Exploits: 0 | References: 5

RedHat Linux
added 2019/09/04 9:14 a.m. | 106 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

An update for openstack-nova is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.6 | EPSS 0.01927
Exploits: 0 | References: 3

RedHat Linux
added 2019/09/04 9:13 a.m. | 90 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

An update for openstack-nova is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.6 | EPSS 0.01927
Exploits: 0 | References: 6

Veracode
added 2019/09/04 12:9 a.m. | 23 views

Information Disclosure

openstack-nova is vulnerable to information disclosure. An external exception from an API request from an authenticated user results in the leak of environment information or other confidential information such as configuration data...

CVSS 6.5 | AI score 1.9 | EPSS 0.01927
Exploits: 0 | References: 11 | Affected Software: 1

RedhatCVE
added 2019/08/30 1:58 a.m. | 27 views

CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

CVSS 9.1 | AI score 3.7 | EPSS 0.02591
Exploits: 0 | References: 3

NVD
added 2019/08/28 9:15 p.m. | 32 views

CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

CVSS 9.1 | AI score 9.2 | EPSS 0.02591
Exploits: 0 | References: 5

OSV
added 2019/08/28 9:15 p.m. | 20 views

CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

CVSS 9.1 | AI score 6.7
Exploits: 0 | References: 5

OSV
added 2019/08/28 9:15 p.m. | 19 views

DEBIAN-CVE-2019-15753

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instance...

CVSS 9.1 | AI score 8.5 | EPSS 0.02591
Exploits: 0 | References: 1