7813 matches found
Important: Red Hat Security Advisory: Red Hat OpenStack Platform director security update
An update is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
openstack-keystone: Incorrect role assignment with federated Keystone
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-heat: Template source URL allows network port scan
An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...
openstack-heat: /var/log/heat/ is world readable
An access-control flaw was found in the OpenStack Orchestration heat service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
Moderate: Red Hat Security Advisory: openstack-heat security and bug fix update
An update for openstack-heat is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
openstack-heat: Template source URL allows network port scan
An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...
Low: Red Hat Security Advisory: openstack-heat security and bug fix update
An update for openstack-heat is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
Low: Red Hat Security Advisory: openstack-heat security and bug fix update
An update for openstack-heat is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-heat: Template source URL allows network port scan
An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the details of internal network services...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
DEBIAN-CVE-2015-7514
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...
Information disclosure
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...