7759 matches found
Code injection
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
CVE-2017-6709
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
CVE-2017-6709
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller ESC and Cisco OpenStack deployments in an affected system. The vulnerability exists because the...
CVE-2017-6709
The CVE-2017-6709 case concerns Cisco’s Ultra Services Framework AutoVNF, where the AutoVNF tool logs administrative credentials in plaintext. This creates a risk that an unauthenticated, remote attacker could read credentials from the log files stored at the AutoVNF URL, enabling access to Cisco...
CVE-2016-4383
An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...
Moderate: Red Hat Security Advisory: openstack-nova and python-novaclient security, bug fix, and enhancement update
An update for openstack-nova and python-novaclient is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-keystone: Incorrect role assignment with federated Keystone
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
Important: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
python-django-horizon: XSS in federation mappings UI
A cross-site scripting flaw was discovered in the OpenStack dashboard horizon which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard...
Low: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update
An update for python-django-horizon is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-mistral: /var/log/mistral/ is world readable
An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
Moderate: Red Hat Security Advisory: openstack-mistral security, bug fix, and enhancement update
An update for openstack-mistral is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
UBUNTU-CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
Authentication flaw
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...
CVE-2016-4383
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...