7747 matches found
Design/Logic Flaw
The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...
CVE-2015-5295
CVE-2015-5295 affects OpenStack Heat’s template-validate command. A remote authenticated user can abuse the template validation path to cause memory exhaustion (DoS) or to determine the existence of local files via the resource type in a template, demonstrated by file:///dev/zero. Affected softwa...
CVE-2015-5295
The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...
CVE-2015-5295
The template-validate command in OpenStack Orchestration API Heat before 2015.1.3 kilo and 5.0.x before 5.0.1 liberty allows remote authenticated users to cause a denial of service memory consumption or determine the existence of local files via the resource type in a template, as demonstrated by...
PT-2016-3680 · Openstack · Openstack Orchestration Api
Name of the Vulnerable Software and Affected Versions: OpenStack Orchestration API Heat versions prior to 2015.1.3 OpenStack Orchestration API Heat versions 5.0.x prior to 5.0.1 Description: The issue allows remote authenticated users to cause a denial of service memory consumption or determine t...
Fedora Update for openstack-glance FEDORA-2015-66439
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenStack Nova Information Disclosure Vulnerability (CNVD-2016-00382)
OpenStack is a cloud platform management project. openStack Nova is one of the cloud computing construct controllers written in Python and is part of the IaaS system. OpenStack Nova suffers from a security vulnerability that allows remote attackers to exploit the vulnerability to gain access to...
[SECURITY] Fedora 23 Update: openstack-glance-2015.1.2-1.fc23
OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...
CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
DEBIAN-CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
Design/Logic Flaw
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
CVE-2015-8749
CVE-2015-8749 affects OpenStack Nova (Compute) when using the Xen backend. The function volume_utils._parse_volume_info can cause the StorageError message to include the connection_info dictionary, potentially exposing sensitive password information via logs or other vectors. Affected versions: O...
CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
OpenStack Compute(liberty) directory traversal vulnerability
OpenStack is a cloud platform management project.OpenStack Compute Nova is one of the cloud computing construct controllers written in the Python language and is part of the IaaS system. OpenStack Compute has a security vulnerability. When a program spawns an instance using libvirt and sets...
Swift3 Replay Attack Vulnerability
OpenStack is a cloud platform management project.Swift is one of the storage projects for storing permanent static data.Swift3 is a middleware that provides access to OpenStack Swift through the Amazon S3 API. Swift3 has a security vulnerability that allows a remote attacker to perform a replay...
UBUNTU-CVE-2015-8749
The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...
SUSE-SU-2016:0101-1 Security update for openstack-glance
This update for openstack-glance provides the following fixes: - Catch NotAuthenticated exception in import task. bsc947735, CVE-2015-5286 - Cleanup chunks for deleted image if token expired. bsc947735, CVE-2015-5286 - Prevent image status being directly modified via v1. bsc945994, CVE-2015-5251 ...