7814 matches found
PYSEC-2017-114
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
UBUNTU-CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
Code injection
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
PYSEC-2017-114
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
CVE-2015-5695
CVE-2015-5695 affects OpenStack Designate (Kilo: 2015.1.0 through 1.0.0.0b1). The vulnerability arises because quotas for RecordSets per domain and Records per RecordSet are not enforced when processing internal zone file transfers, which can allow a remote attacker to trigger an infinite loop in...
CVE-2015-5695
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service infinite loop via a crafted resource record s...
Huawei FusionSphere OpenStack Improper Authentication Vulnerability (CNVD-2017-30767)
Huawei FusionSphere OpenStack FSO is FusionSphere's cloud platform software for ICT scenarios. An improper authentication vulnerability exists in FusionSphere OpenStack. Due to improper authentication of the privileges of the accessing user, an attacker can perform additional operations after...
Huawei FusionSphere OpenStack Improper Authentication Vulnerability
Huawei FusionSphere OpenStack FSO is FusionSphere's cloud platform software for ICT scenarios. An improper authentication vulnerability exists in FusionSphere OpenStack, which can be successfully exploited by an attacker to perform additional operations by forging a rest message due to improper...
Huawei FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-30766)
Huawei FusionSphere OpenStack FSO is FusionSphere's cloud platform software for ICT scenarios. A command injection vulnerability exists in FusionSphere OpenStack, due to insufficient input validation, an attacker can send a message with malicious commands to FusionSphere OpenStack and successfull...
Moderate: Red Hat Security Advisory: instack-undercloud security update
An update for instack-undercloud is now available for Red Hat OpenStack Platform 9.0 Mitaka director. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Security Advisory - Two Vulnerabilities in The FusionSphere OpenStack
The FusionSphere OpenStack has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. Vulnerability ID: HWPSIRT-2017-06001 This...
Security Advisory - Improper Authentication Vulnerability in The FusionSphere OpenStack
FusionSphere OpenStack has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. Vulnerability ID: HWPSIRT-2017-06002 This vulnerability has...
OpenStack Security Bypass Vulnerabilities
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration in collaboration with Rackspace, U.S.A. Openstack Ocata and Newton are both different versions of it. aodh is one of the Aodh is one of the alerting function modules. Openstack Ocata an...
OpenStack Neutron Information Disclosure Vulnerability
OpenStack is a cloud platform management project. neutron is one of the networking components that provides network-as-a-service, enabling the creation of networks between OpenStack services, access to network devices into the mesh, and more. A remote information disclosure vulnerability exists i...
Huawei FusionSphere OpenStack Command Injection Vulnerability
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...
Huawei FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-30062)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. The Huawei FusionSphere OpenStack suffers from a comma...
Debian DSA-3953-1 : aodh - security update
Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated us...