7754 matches found

OSV
added 2016/07/06 12:0 a.m. | 13 views

DSA-3617-1 horizon - security update

Bulletin has no description...

5.4 CVSS | 5.3 AI score | 0.00553 EPSS
Exploits: 1

OpenVAS
added 2016/07/06 12:0 a.m. | 26 views

Debian Security Advisory DSA 3617-1 (horizon - security update)

Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. OpenVAS Vulnerability Test $Id: deb3617.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3617-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone...

4.3 CVSS | 5.2 AI score | 0.00553 EPSS
Exploits: 1 | References: 1

RedHat Linux
added 2016/07/04 5:49 a.m. | 4 views

openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

7.5 CVSS | 5.8 AI score | 0.00786 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/04 5:49 a.m. | 28 views

Moderate: Red Hat Security Advisory: openstack-ironic security update

An update for openstack-ironic is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.5 CVSS | 6.7 AI score | 0.00786 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2016/07/04 5:49 a.m. | 2 views

openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

7.5 CVSS | 5.8 AI score | 0.00786 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/07/04 5:49 a.m. | 73 views

Moderate: Red Hat Security Advisory: openstack-ironic security update

An update for openstack-ironic is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00786 EPSS
Exploits: 0 | References: 2

Fedora
added 2016/06/30 7:54 p.m. | 25 views

[SECURITY] Fedora 23 Update: python-django-horizon-2015.1.4-1.fc23

Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...

5.4 CVSS | 3.6 AI score | 0.00553 EPSS
Exploits: 0

OSV
added 2016/06/30 4:59 p.m. | 1 view

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 Liberty director and Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo director aka overcloud-full use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...

8.8 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 3

Cvelist
added 2016/06/30 4:0 p.m. | 37 views

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 Liberty director and Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo director aka overcloud-full use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...

8.9 AI score | 0.00108 EPSS
Exploits: 0 | References: 3

CVE
added 2016/06/30 4:0 p.m. | 58 views

CVE-2016-4474

CVE-2016-4474 affects Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) overcloud-full images. The image build process uses a default root password (ROOTPW/rootpw), enabling potential remote root access via unspecified vectors. Red Hat ad...

8.8 CVSS | 8.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2016/06/28 12:0 a.m. | 2 views

Arbitrary Code Execution Vulnerability in Multiple Openstack Products

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace. Openstack Murano is an application catalog management project. Murano-muranoclient is a client library for building Murano APIs. Openstack Murano is an application catalog...

9.8 CVSS | 8.3 AI score | 0.03928 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2016/06/23 11:48 p.m. | 22 views

CVE-2016-4972

A flaw was discovered in openstack-murano processing. Using extended YAML tags in Murano-application YAML files, an attacker could perform remote code execution...

9.8 CVSS | 2.5 AI score | 0.03928 EPSS
Exploits: 0 | References: 1

CNVD
added 2016/06/23 12:0 a.m. | 2 views

Openstack-infra puppet-gerrit module cross-site scripting vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Openstack-infra is the infrastructure used in it. puppet-gerrit is one of the components used to install gerrit and manage the OpenStack infrastructure. A cross-site...

6.1 CVSS | 6 AI score | 0.00309 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2016/06/22 7:48 a.m. | 23 views

CVE-2016-4985

An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...

7.5 CVSS | 7.2 AI score | 0.00786 EPSS
Exploits: 0 | References: 1

CNVD
added 2016/06/22 12:0 a.m. | 1 view

OpenStack Ironic Authentication Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Ironic is a component that provides bare-metal and virtual machine hypervisor interaction. A security vulnerability exists in Ironic. An attacker can exploit the...

7.5 CVSS | 7.1 AI score | 0.00786 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2016/06/21 10:40 p.m. | 26 views

Important: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

5.4 CVSS | 6.3 AI score | 0.00553 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2016/06/21 10:39 p.m. | 23 views

Important: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

5.4 CVSS | 6.4 AI score | 0.00553 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2016/06/21 10:39 p.m. | 3 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

5.4 CVSS | 5.6 AI score | 0.00553 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2016/06/21 10:24 p.m. | 33 views

Important: Red Hat Security Advisory: python-django-horizon security update

An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

5.4 CVSS | 6.3 AI score | 0.00553 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2016/06/21 10:24 p.m. | 4 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

5.4 CVSS | 5.6 AI score | 0.00553 EPSS
Exploits: 0 | References: 4