7747 matches found
PYSEC-2015-28
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
Code injection
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
PYSEC-2015-28
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
Code injection
OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...
CVE-2015-5242
OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...
CVE-2015-5306
CVE-2015-5306 affects OpenStack Ironic Inspector (ironic-inspector/ironic-discoverd). When Flask debug mode is enabled, an error can expose the Flask debug console, potentially allowing a remote attacker to execute arbitrary Python code. The vulnerability is documented in OSV and Red Hat advisori...
CVE-2015-5306
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
CVE-2015-5242
CVE-2015-5242 affects OpenStack Swift-on-File (swiftonfile). The issue arises from loading metadata with Python’s pickle without proper restrictions, enabling a remote authenticated user to execute arbitrary code via crafted xattrs. Documented impact is remote code execution on the storage node; ...
CVE-2015-5306
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
PT-2015-6843 · Openstack · Openstack Ironic Inspector
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic Inspector affected versions not specified Description: The issue allows remote attackers to access the Flask console and execute arbitrary Python code by triggering an error when debug mode is enabled. Recommendations: At the...
SUSE-SU-2015:2064-1 Security update for openstack-dashboard
This update provides fixes and enhancements for openstack-dashboard, crowbar-barclamp-novadashboard and python-djangoopenstackauth. openstack-dashboard: - Reset flavors for other than 'Boot from Image' source type. bsc945515 - Add deactivated status for glance image. - Fix TemplateSyntaxError at...
[SECURITY] Fedora 22 Update: openstack-ironic-discoverd-1.1.1-1.fc22
ironic-discoverd is a service for discovering hardware properties for a node managed by OpenStack Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduli ng from a bare metal node, given it's power management credentials e....
Fedora Update for openstack-ironic-discoverd FEDORA-2015-5062
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 23 Update: openstack-ironic-discoverd-1.1.1-1.fc23
ironic-discoverd is a service for discovering hardware properties for a node managed by OpenStack Ironic. Hardware introspection or hardware properties discovery is a process of getting hardware parameters required for scheduli ng from a bare metal node, given it's power management credentials e....
OpenStack ironic-discoverd remote code execution vulnerability
OpenStack is a cloud platform management project. ironic-discoverd is one of the components that provides hardware internal self-testing service functionality. A security vulnerability exists in OpenStack ironic-discovered that allows remote attackers to exploit the vulnerability by submitting a...
CVE-2015-7713
OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...
DEBIAN-CVE-2015-7713
OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...
CVE-2015-7713
OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...
Design/Logic Flaw
OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...
CVE-2015-7713
CVE-2015-7713 affects OpenStack Nova. The vulnerability arises when security group changes are not correctly applied to already-running instances, allowing remote attackers to bypass intended network restrictions. Affected releases: OpenStack Nova before 2014.2.4 (juno) and before 2015.1.x before...