CVE-2017-12155

A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...

CVE-2017-12155

The CVE-2017-12155 issue is a resource-permission flaw in openstack-tripleo-heat-templates (ceph.client.openstack.keyring created world-readable). A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though they were the OpenStack service, poten...

OpenStack Nova FilterScheduler Incompletely Fixes Denial of Service Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud construct controllers written in Python that is part of the IaaS system. It is part of the IaaS system.FilterScheduler...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

DEBIAN-CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

Default credentials

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

CVE-2017-17051

OpenStack Nova CVE-2017-16239 affects stable/pike and later with the fix for OSSA-2017-005. By repeatedly rebuilding an instance with new images using the default FilterScheduler, an authenticated user may cause untracked resource allocations on a hypervisor, leading to denial of service (doubled...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

Randy Bias joins Wallarm board of advisers

Menlo Park, California — December 5, 2017 — Wallarm today announced that Randy Bias, Vice President of Technology and Strategy, Cloud Software at Juniper and founder of Cloudscaling acquired by EMC, has joined Wallarm’s board of advisers. “Randy is an agile cloud pioneer and a thought leader in...

CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

UBUNTU-CVE-2017-17051

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was...

Red Hat OpenStack Platform Elevation of Privilege Vulnerability

The Red Hat OpenStack Platform provides core Infrastructure-as-a-Service for private or public cloud infrastructures. An elevation of privilege vulnerability exists in Red Hat OpenStack Platform, which could be exploited by a remote attacker to submit a specific request for elevation of privilege...

Cloud - Critical - CSRF - SA-CONTRIB-2017-086

This module enables sites to manage public clouds like Amazon EC2 and also private clouds like OpenStack. The module doesn't sufficiently protect the deletion of audit reports, thereby exposing a cross-site request vulnerability which can be exploited by unprivileged users to trick an administrat...

Huawei FusionSphere OpenStack GaussDB Buffer Overflow Vulnerability

Huawei FusionSphere OpenStack is a suite of cloud platform software for Huawei's FusionSphere cloud operating system in ICT scenarios.GaussDB is one of the databases. A buffer overflow vulnerability exists in GaussDB in Huawei FusionSphere OpenStack V100R005C10SPC705 and earlier versions. An...

SUSE-SU-2017:3080-1 Security update for openstack-nova

This update for openstack-nova brings the latest version provided by the OpenStack upstream project including the following security fix: - CVE-2017-16239: Filter Scheduler bypass through rebuild action bsc1066198...

CVE-2017-8192

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation...

CVE-2017-8193

The FusionSphere OpenStack V100R006C00SPC102NFV has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands...