7755 matches found
CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform...
SUSE-SU-2017:1233-1 Security update for openstack-magnum
This update for openstack-magnum fixes the following issues: Security issues fixed: - CVE-2016-7404: Magnum created instances have full API access to creating user's OpenStack account bsc998182. Bugfixes: - Fixed exception for InvalidParameterValue. - Updated patches have been tested against...
Product update: Virtuozzo PowerPanel RTM Hotfix 2 (7.0.1-354)
The new packages for Virtuozzo PowerPanel introducing usability bug fixes. Vulnerability id: PP-403 Installation of computes failed to complete if 'nodes.lst' had empty lines. Vulnerability id: PP-401 Unable to join computes due to incorrect repository priorities. Vulnerability id: PP-378 Improve...
OpenStack Keystone Security Bypass Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. A security bypass...
PT-2017-15467 · Openstack +1 · Openstack Identity Service +1
Name of the Vulnerable Software and Affected Versions: OpenStack Identity service keystone affected versions not specified Description: An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service. This issue allows an authenticated federated user to...
CVE-2017-2673
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
UBUNTU-CVE-2017-2673
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
Cross site scripting
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
DEBIAN-CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
UBUNTU-CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
OpenStack Manila CVE-2016-6519 is a cross-site scripting (XSS) vulnerability in the Shares overview. The flaw allows remote authenticated users to inject arbitrary HTML/JavaScript via the Metadata field in the Create Share form, affecting Manila prior to 2.5.1. The issue arises in the web UI comp...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVE-2016-6519
Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
Security Advisory - Buffer Overflow vulnerability in the FusionSphere OpenStack
The GaussDB of the FusionSphere OpenStack has a stack overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...
Security feature bypass
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
PYSEC-2017-21
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
PYSEC-2017-21
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...