7754 matches found

Prion
added 2016/09/26 4:59 p.m., 9 views

Code injection

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

7.5 CVSS | 8.1 AI score | 0.03928 EPSS
Exploits: 0 | References: 3 | Affected Software: 4

Cvelist
added 2016/09/26 4:0 p.m., 23 views

CVE-2016-4972

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8 AI score | 0.03928 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2016/09/26 4:0 p.m., 18 views

CVE-2016-4972

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...

9.8 CVSS | 9.8 AI score | 0.03928 EPSS
Exploits: 0

CVE
added 2016/09/26 4:0 p.m., 57 views

CVE-2016-4972

CVE-2016-4972 – OpenStack Murano YAML loader misuse leading to RCE. Affected: OpenStack Murano (pre-1.0.3, Liberty) and Murano 2.x before 2.0.1 (Mitaka); Murano-dashboard before 1.0.3 and 2.x before 2.0.1; python-muranoclient before 0.7.3 (Liberty) and 0.8.x before 0.8.5 (Mitaka). Detail: Murano...

9.8 CVSS | 9.6 AI score | 0.03928 EPSS
Exploits: 0 | References: 3 | Affected Software: 4

RedhatCVE
added 2016/09/23 3:17 a.m., 26 views

CVE-2016-7498

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression...

6.8 CVSS | 5.3 AI score | 0.02248 EPSS
Exploits: 0 | References: 1

CNVD
added 2016/09/19 12:0 a.m., 2 views

OpenStack manila HTML Injection Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the United States. An HTML injection vulnerability exists in OpenStack manila because the program fails to adequately filter user-submitted input. When a user...

5.4 CVSS | 7.7 AI score | 0.00326 EPSS
Exploits: 0 | References: 1

OSV
added 2016/09/16 12:10 p.m., 7 views

SUSE-SU-2016:2325-1 Security update for openstack-keystone, openstack-nova, and openstack-swift

This update for openstack-keystone, openstack-nova, and openstack-swift fixes the following issues: - Fix hybrid backend from keystone v3 bsc967356 - Fix cleanup when block migration fails bsc960015 - Avoid host data leak bsc960601, CVE-2015-7548 - Fix init script for openstack-swift-object-expir...

4 CVSS | 3.8 AI score | 0.00177 EPSS
Exploits: 0 | References: 7

OSV
added 2016/08/23 3:49 p.m., 8 views

SUSE-SU-2016:2143-1 Security update for several openstack-components

This update provides the latest code from OpenStack Liberty for openstack-ceilometer, -cinder, -dashboard, -glance, -heat, -keystone, -manila, -neutron, -neutron-fwaas, -neutron-lbaas, -nova, -resource-agents, python-networking-cisco and python-openstackclient. Additionally some security-issues ha...

8.2 CVSS | 5.8 AI score | 0.0631 EPSS
Exploits: 0 | References: 11

CNVD
added 2016/08/17 12:0 a.m., 2 views

Crowbar Openstack Insecure Default Password Vulnerability

An insecure default password vulnerability exists in Crowbar Openstack. A remote attacker could exploit this vulnerability to gain unauthorized access and perform unauthorized actions...

9.8 CVSS | 7.3 AI score | 0.03197 EPSS
Exploits: 0 | References: 1

OSV
added 2016/08/05 9:25 a.m., 5 views

SUSE-SU-2016:1966-1 Security update for several openstack-components

This update provides the latest code from OpenStack Liberty for openstack-designate, -ironic, -neutron-vpnaas, -nova-docker, -sahara, -tempest and -trove. Additionally the following security issue has been fixed: openstack-ironic: - Mask password on agent lookup according to policy bsc984802,...

7.5 CVSS | 7.7 AI score | 0.00786 EPSS
Exploits: 0 | References: 4

CNVD
added 2016/08/02 12:0 a.m., 2 views

IBM PowerVC Information Disclosure Vulnerability (CNVD-2016-05956)

IBM PowerVC is a suite of virtualization management solutions. IBM PowerVC is affected by the OpenStack Nova information disclosure vulnerability. A local attacker can exploit the vulnerability to read arbitrary files from the host via qcow2 support for file overwrite image conversion...

6 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2016/07/20 11:53 p.m., 26 views

Low: Red Hat Security Advisory: openstack-neutron security and bug fix update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.1 CVSS | 6.9 AI score | 0.06657 EPSS
Exploits: 1 | References: 5

RedHat Linux
added 2016/07/20 11:53 p.m., 6 views

openstack-neutron: DHCP spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

8.2 CVSS | 5.8 AI score | 0.0631 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/20 11:53 p.m., 4 views

openstack-neutron: MAC source address spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

8.2 CVSS | 5.8 AI score | 0.04749 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/20 11:53 p.m., 2 views

openstack-neutron: MAC source address spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

8.2 CVSS | 5.8 AI score | 0.04749 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/20 11:53 p.m., 4 views

openstack-neutron: DHCP spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

8.2 CVSS | 5.8 AI score | 0.0631 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/20 11:53 p.m., 34 views

Low: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

9.1 CVSS | 6.9 AI score | 0.06657 EPSS
Exploits: 1 | References: 7

RedHat Linux
added 2016/07/20 11:53 p.m., 4 views

openstack-neutron: ICMPv6 source address spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

9.1 CVSS | 5.8 AI score | 0.06657 EPSS
Exploits: 1 | References: 4

OSV
added 2016/07/12 7:59 p.m., 4 views

DEBIAN-CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5 CVSS | 6.6 AI score | 0.00786 EPSS
Exploits: 0 | References: 1

OSV
added 2016/07/12 7:59 p.m., 4 views

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

7.5 CVSS | 7.2 AI score
Exploits: 0 | References: 7