PT-2017-8755
Name of the Vulnerable Software and Affected Versions: OpenStack Puppet module for Gerrit (affected versions not specified). Description: The issue is related to the Gerrit configuration in the OpenStack Puppet module, where text/html is improperly marked as a safe mimetype. This could potentially all...
Important: Red Hat Security Advisory: puppet-tripleo security update
An update for puppet-tripleo is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud
An access-control flaw was discovered in puppet-tripleo's IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. Some API services in Red Hat OpenStack Platform director are not exposed to public networks, which meant their $publicsslport value was set to...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova update
An update for openstack-nova, openstack-cinder, and openstack-glance is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2016-6829
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
Default credentials
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...
CVE-2016-6829
The CVE-2016-6829 vulnerability affects the Crowbar/OpenStack deployment components (crowbar-openstack and Crowbar’s Trove-related barclamps). The issue is a default password used by the trove service user, enabling remote access via unspecified vectors. Multiple connected sources confirm the roo...
Moderate: Red Hat Security Advisory: openstack-cinder and openstack-glance security update
Updated openstack-cinder and openstack-glance packages that fix one security issue are now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which give...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host...
OpenStack Glance Denial of Service Vulnerability (CNVD-2016-11421)
OpenStack is a cloud platform management project. Glance is one of its projects and can store, query and retrieve virtual machine images. A denial of service vulnerability exists in OpenStack Glance, which can be exploited by an attacker to cause a denial of service...
OpenStack Heat Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the United States. An information disclosure vulnerability exists in OpenStack Heat, which can be exploited by an authenticated attacker to obtain information...
DEBIAN-CVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...
CVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...
Design/Logic Flaw
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...
UBUNTU-CVE-2016-9185
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are =6.0.0 =6.1.0, and ==7.0.0...