
7812 matches found

RedHat Linux
added 2017/01/05 2:36 p.m., 47 views

Important: Red Hat Security Advisory: puppet-tripleo security update

An update for puppet-tripleo is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 7.1, EPSS 0.00852
Exploits: 0, References: 2
RedHat Linux
added 2016/12/21 4:34 p.m., 1 view

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...

CVSS 7.8, AI score 5.7, EPSS 0.03088
Exploits: 1, References: 4
RedHat Linux
added 2016/12/21 4:34 p.m., 61 views

Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova update

An update for openstack-nova, openstack-cinder, and openstack-glance is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 7.8, AI score 6.6, EPSS 0.03088
Exploits: 1, References: 14
OSV
added 2016/12/09 8:59 p.m., 7 views

CVE-2016-6829

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 9.8, AI score 9.2, EPSS 0.02388
Exploits: 0, References: 6
NVD
added 2016/12/09 8:59 p.m., 13 views

CVE-2016-6829

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 9.8, AI score 9.2, EPSS 0.02388
Exploits: 0, References: 6
Prion
added 2016/12/09 8:59 p.m., 15 views

Default credentials

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVSS 7.5, AI score 7.1, EPSS 0.02388
Exploits: 0, References: 6
Cvelist
added 2016/12/09 8:0 p.m., 21 views

CVE-2016-6829

The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

AI score 9.3, EPSS 0.02388
Exploits: 0, References: 6
CVE
added 2016/12/09 8:0 p.m., 42 views

CVE-2016-6829

The CVE-2016-6829 vulnerability affects the Crowbar/OpenStack deployment components (crowbar-openstack and Crowbar’s Trove-related barclamps). The issue is a default password used by the trove service user, enabling remote access via unspecified vectors. Multiple connected sources confirm the roo...

CVSS 9.8, AI score 9.1, EPSS 0.02388
Exploits: 0, References: 6, Affected Software: 2
RedHat Linux
added 2016/12/07 10:20 p.m., 6 views

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...

CVSS 7.8, AI score 5.7, EPSS 0.03088
Exploits: 1, References: 4
RedHat Linux
added 2016/12/07 10:20 p.m., 51 views

Moderate: Red Hat Security Advisory: openstack-cinder and openstack-glance security update

Updated openstack-cinder and openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give...

CVSS 7.8, AI score 6.6, EPSS 0.03088
Exploits: 1, References: 6
CNVD
added 2016/11/18 12:0 a.m., 2 views

OpenStack Glance Denial of Service Vulnerability (CNVD-2016-11421)

OpenStack is a cloud platform management project. glance is one of the projects that can store, query and retrieve virtual machine images. A denial of service vulnerability exists in OpenStack Glance, which can be exploited by an attacker to cause a denial of service...

CVSS 6.5, AI score 6.8, EPSS 0.02326
Exploits: 0, References: 1
CNVD
added 2016/11/11 12:0 a.m., 3 views

OpenStack Heat Information Disclosure Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the United States. An information disclosure vulnerability exists in OpenStack Heat, which is exploited by an authenticated attacker to obtain information...

CVSS 4.3, AI score 6.2, EPSS 0.01508
Exploits: 0, References: 1
OSV
added 2016/11/04 10:59 a.m., 6 views

CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4.3, AI score 4.5
Exploits: 0, References: 5
NVD
added 2016/11/04 10:59 a.m., 24 views

CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4.3, AI score 4.4, EPSS 0.01508
Exploits: 0, References: 5
OSV
added 2016/11/04 10:59 a.m., 1 view

DEBIAN-CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4.3, AI score 4.5, EPSS 0.01508
Exploits: 0, References: 1
UbuntuCve
added 2016/11/04 10:59 a.m., 20 views

CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4.3, AI score 5.9, EPSS 0.01508
Exploits: 0, References: 1
Prion
added 2016/11/04 10:59 a.m., 14 views

Design/Logic Flaw

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4, AI score 6.6, EPSS 0.01508
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2016/11/04 10:59 a.m., 2 views

UBUNTU-CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

CVSS 4.3, AI score 5.8, EPSS 0.01508
Exploits: 0, References: 2
Cvelist
added 2016/11/04 10:0 a.m., 29 views

CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...

AI score 4.4, EPSS 0.01508
Exploits: 0, References: 5
CVE
added 2016/11/04 10:0 a.m., 65 views

CVE-2016-9185

CVE-2016-9185 affects OpenStack Heat (OpenStack Orchestration). The vulnerability allows an authenticated user to discover internal network configuration by launching a new Heat stack with a local URL, causing an information-leak. Affected OpenStack Heat versions are =6.0.0

CVSS 4.3, AI score 4.3, EPSS 0.01508
Exploits: 0, References: 5, Affected Software: 1