CVE-2015-7514
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...
UBUNTU-CVE-2015-7514
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...
DEBIAN-CVE-2015-7514
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information...
CVE-2015-7514
CVE-2015-7514 affects OpenStack Ironic 4.2.0–4.2.1. The root cause is that the disk is not properly cleaned after use, allowing remote authenticated users to obtain sensitive information. The incident is limited to the described OpenStack Ironic versions; no remediation details are provided in th...
Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...
Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09507)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...
Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09508)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...
Huawei FusionSphere and FusionSphere OpenStack Command Injection Vulnerability (CNVD-2017-09506)
Huawei FusionSphere and FusionSphere OpenStack FSO are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. A command injection vulnerability exists in Huawei...
Security Advisory - Four Command Injection Vulnerabilities in The FusionSphere OpenStack
The FusionSphere OpenStack has four command injection vulnerabilities due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. Vulnerability ID:...
SUSE-SU-2017:1443-1 Security update for several openstack-components
This update for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -magnum and -novaopenstack-keystone provides the latest code from OpenStack Newton. - nova: Add release note that legacy notification exception contexts appearing in ERROR level logs may include sensiti...
OpenStack Magnum Security Bypass Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Magnum is a container resource management component. A security bypass vulnerability exists in OpenStack Magnum. An attacker could use this vulnerability to bypass...
Red Hat OpenStack Platform Remote Privilege Vulnerability
Red Hat OpenStack Platform is a Red Hat platform that provides the next generation of IaaS (Infrastructure as a Service) cores for private, public and hybrid clouds. Red Hat OpenStack Platform is vulnerable to a remote privilege extraction vulnerability. An attacker can exploit this vulnerability to...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform director security update
An update is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
openstack-heat: /var/log/heat/ is world readable
An access-control flaw was found in the OpenStack Orchestration heat service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
Moderate: Red Hat Security Advisory: openstack-heat security, bug fix, and enhancement update
An update for openstack-heat is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though, and can be used to perform any API operation the user is authorized to perform...
SUSE-SU-2017:1233-1 Security update for openstack-magnum
This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account bsc998182. Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against...
Product update: Virtuozzo PowerPanel RTM Hotfix 2 (7.0.1-354)
The new packages for Virtuozzo PowerPanel introduce usability bug fixes. Vulnerability id: PP-403 Installation of computes failed to complete if 'nodes.lst' had empty lines. Vulnerability id: PP-401 Unable to join computes due to incorrect repository priorities. Vulnerability id: PP-378 Improve...