
7815 matches found

Tenable Nessus
added 2017/10/12 12:0 a.m., 27 views

Ubuntu 14.04 LTS : OpenStack Glance vulnerabilities (USN-3446-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3446-1 advisory. Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change th...

CVSS 6.8 | AI score 5.2 | EPSS 0.02376
Exploits: 0 | References: 4

Tenable Nessus
added 2017/10/12 12:0 a.m., 29 views

Ubuntu 14.04 LTS : OpenStack Swift vulnerabilities (USN-3451-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3451-1 advisory. It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could...

CVSS 7.5 | AI score 7.4 | EPSS 0.0382
Exploits: 0 | References: 4

Tenable Nessus
added 2017/10/12 12:0 a.m., 30 views

Ubuntu 14.04 LTS : OpenStack Horizon vulnerability (USN-3447-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3447-1 advisory. Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user...

CVSS 5.4 | AI score 6.2 | EPSS 0.02075
Exploits: 0 | References: 2

OpenVAS
added 2017/10/12 12:0 a.m., 25 views

Ubuntu: Security Advisory (USN-3448-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.2 | AI score 7 | EPSS 0.02106
Exploits: 1 | References: 2

OpenVAS
added 2017/10/12 12:0 a.m., 25 views

Ubuntu: Security Advisory (USN-3446-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 6.8 | AI score 4.6 | EPSS 0.02376
Exploits: 0 | References: 2

OpenVAS
added 2017/10/12 12:0 a.m., 33 views

Ubuntu: Security Advisory (USN-3449-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 | AI score 5.3 | EPSS 0.0367
Exploits: 1 | References: 2

OpenVAS
added 2017/10/12 12:0 a.m., 25 views

Ubuntu: Security Advisory (USN-3447-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 5.4 | AI score 5.5 | EPSS 0.02075
Exploits: 0 | References: 2

OpenVAS
added 2017/10/12 12:0 a.m., 33 views

Ubuntu: Security Advisory (USN-3451-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 | AI score 7.5 | EPSS 0.0382
Exploits: 0 | References: 2

OSV
added 2017/10/11 12:1 p.m., 3 views

USN-3451-1 swift vulnerabilities

It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly...

CVSS 7.5 | AI score 7.1 | EPSS 0.0382
Exploits: 0 | References: 4

Ubuntu
added 2017/10/11 12:1 p.m., 74 views

USN-3451-1: OpenStack Swift vulnerabilities

It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. (CVE-2015-5223) Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly...

CVSS 7.5 | AI score 7.2 | EPSS 0.0382
Exploits: 0

Ubuntu
added 2017/10/11 11:46 a.m., 50 views

USN-3449-1: OpenStack Nova vulnerabilities

George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleti...

CVSS 7.8 | AI score 6.4 | EPSS 0.0367
Exploits: 1

OSV
added 2017/10/11 11:46 a.m., 6 views

USN-3449-1 nova vulnerabilities

George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. (CVE-2015-3241) George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleti...

CVSS 7.8 | AI score 6.6 | EPSS 0.0367
Exploits: 1 | References: 8

Ubuntu
added 2017/10/11 11:37 a.m., 54 views

USN-3448-1: OpenStack Keystone vulnerability

Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations...

CVSS 7.2 | AI score 6.8 | EPSS 0.02106
Exploits: 1

OSV
added 2017/10/11 11:37 a.m., 3 views

USN-3448-1 keystone vulnerability

Boris Bobrov discovered that OpenStack Keystone incorrectly handled federation mapping when there are rules in which group-based assignments are not used. A remote authenticated user may receive all the roles assigned to a project regardless of the federation mapping, contrary to expectations...

CVSS 7.2 | AI score 6.9 | EPSS 0.02106
Exploits: 1 | References: 2

Ubuntu
added 2017/10/11 11:31 a.m., 58 views

USN-3447-1: OpenStack Horizon vulnerability

Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form...

CVSS 5.4 | AI score 6.3 | EPSS 0.02075
Exploits: 0

OSV
added 2017/10/11 11:31 a.m., 1 views

USN-3447-1 horizon vulnerability

Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was incorrectly protected against cross-site scripting (XSS) attacks. A remote authenticated user could use this issue to inject web script or HTML in a dashboard form...

CVSS 5.4 | AI score 6.3 | EPSS 0.02075
Exploits: 0 | References: 2

Ubuntu
added 2017/10/11 11:24 a.m., 56 views

USN-3446-1: OpenStack Glance vulnerabilities

Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly...

CVSS 6.8 | AI score 5 | EPSS 0.02376
Exploits: 0

GithubExploit
added 2017/10/11 7:38 a.m., 2 views

Exploit for Improper Restriction of XML External Entity Reference in Juniper Contrail

CVE-2017-10616 & CVE-2017-10617 These two vulnerabilities aff...

CVSS 6.4 | AI score 7.3 | EPSS 0.02278
Exploits: 1

CNVD
added 2017/10/10 12:0 a.m., 2 views

OpenStack Kilo Designate Denial of Service Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. OpenStack Kilo is a version of OpenStack. Designate is one of the DNSaaS components. A security vulnerability exists in Designate versions 2015.1.0 through...

CVSS 6.5 | AI score 6.3 | EPSS 0.02145
Exploits: 1 | References: 1

OSV
added 2017/10/02 6:7 p.m., 8 views

SUSE-SU-2017:2627-1 Security update for openstack-aodh

This update for openstack-aodh fixes the following security issues: - CVE-2017-12440: Aodh did not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allowed remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obta...

CVSS 7.5 | AI score 7.3 | EPSS 0.02136
Exploits: 0 | References: 3