7754 matches found
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
DEBIAN-CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
Cross site scripting
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
UBUNTU-CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
Code injection
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4985
The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
CVE-2016-4985
CVE-2016-4985 affects the OpenStack Ironic project, specifically the ironic-api service. The vulnerability allows an attacker with network access to the ironic-api to bypass authentication and retrieve full details of a registered node by knowing the node’s MAC address and sending a crafted POST ...
CVE-2016-4428
OpenStack Horizon (Dashboard) is affected by an XSS vulnerability (CVE-2016-4428) present in Horizon 8.0.1 and earlier and 9.0.0–9.0.1. The issue arises from injecting an AngularJS template into a dashboard form, allowing a remote authenticated user to inject arbitrary script/HTML. Impact reporte...
CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
UBUNTU-CVE-2016-4428
Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
PT-2016-6206 · Openstack · Openstack Ironic
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 4.2.5 Liberty OpenStack Ironic versions 5.x prior to 5.1.2 Mitaka Description: The issue allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC...
Debian DSA-3617-1 : horizon - security update
Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3617. The text itself ...
[SECURITY] [DSA 3617-1] horizon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3617-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 06, 2016 https://www.debian.org/security/faq -...
PT-2016-5954 · Openstack +1 · Openstack Dashboard +1
Name of the Vulnerable Software and Affected Versions: OpenStack Dashboard Horizon versions 8.0.1 and earlier OpenStack Dashboard Horizon versions 9.0.0 through 9.0.1 Description: A cross-site scripting XSS issue allows remote authenticated users to inject arbitrary web script or HTML by injectin...