7754 matches found
Red Hat Enterprise Linux OpenStack Platform Information Disclosure Vulnerability
Red Hat Enterprise Linux OpenStack Platform is an open source IaaS Infrastructure-as-a-Service solution from Red Hat, Inc. The solution supports the creation and management of private, public, and hybrid clouds.TripleO Heat templates tripleo-heat-templates is a set of tools for describing a sampl...
CVE-2015-5329
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
Default credentials
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
Code injection
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The CVE-2015-5303 entry concerns TripleO Heat templates (tripleo-heat-templates). When deployed from the CLI, it allows remote attackers to spoof OpenStack Networking metadata requests by exploiting knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. The vulnerabilit...
CVE-2015-5329
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
APITest.IO: SSRF on testing endpoint
Synopsis The form at https://www.apitest.io/request accepts among others the "url" parameter. This feature allows to reach internal services like the OpenStack metadata server or services running on loopback. Identified services http://0x7f.1/ nginx = "If you see this page, the nginx web server i...
SUSE-SU-2016:0739-1 Security update for openstack-trove
This update for openstack-trove fixes the following issues: - Fix multiple insecure /tmp file usage issues bsc929535, CVE-2015-3156...
Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory
Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory
Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat security advisory
Updated OpenStack Orchestration packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
OpenStack Compute Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace, Inc. in the U.S. OpenStack Compute Nova is one of the cloud computing construct controllers written in the Python language. The OpenStack Compute...