7746 matches found
USN-2703-1: Cinder vulnerability
Bastian Blank discovered that Cinder guessed image formats based on untrusted data. An attacker could use this to read arbitrary files from the Cinder host...
openstack-swift: Swift metadata constraints are not correctly enforced
A flaw was found in the metadata constraints in OpenStack Object Storage swift. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...
Important: Red Hat Security Advisory: Red Hat Gluster Storage 3.1 update
Red Hat Gluster Storage 3.1, which fixes multiple security issues, several bugs, and adds various enhancements, is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Fedora 21 : openstack-cinder-2014.1.4-2.fc21 (2015-10254)
Fix CVE-2015-1851 RHBZ 1231822 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
[SECURITY] Fedora 21 Update: openstack-cinder-2014.1.4-2.fc21
OpenStack Volume codename Cinder provides services to manage and access block storage volumes for use by Virtual Machine instances...
Fedora Update for openstack-cinder FEDORA-2015-10254
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenStack Swift DLO Objects Denial of Service Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the United States. A denial of service vulnerability exists in OpenStack Swift DLO Objects, which allows attackers to exploit this vulnerability to launch...
OpenStack Neutron Denial of Service Vulnerability (CNVD-2015-04539)
OpenStack Neutron is a networking module for OpenStack that accommodates a large number of plug-ins that handle integration with other networking services. A denial-of-service vulnerability exists in OpenStack Neutron, which allows attackers to exploit this vulnerability to crash applications and...
OpenStack Nova Denial of Service Vulnerability (CNVD-2015-04540)
OpenStack Compute Nova is a cloud computing construct controller written in Python and is part of a laaS system. A denial of service vulnerability exists in OpenStack Nova, which allows attackers to exploit this vulnerability to launch denial of service attacks...
Fedora Update for openstack-glance FEDORA-2015-6169
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: openstack-cinder security and bug fix update
Updated openstack-cinder packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score,...
openstack-cinder: Host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...
OpenStack Cinder Information Disclosure Vulnerability (CNVD-2015-04083)
Cinder is OpenStack's chunked storage service. A security vulnerability exists in OpenStack Cinder, which can be exploited by an authenticated remote user to read arbitrary files by using a constructed graphical qcow2 signature within the upload-to-image command...
DEBIAN-CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
Command injection
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder contains a vulnerability (CVE-2015-1851) where remote authenticated users could read arbitrary files via a crafted qcow2 header in the upload-to-image command. Affected series include OpenStack Cinder releases up to 2014.1.5 (icehouse), 2014.2.x up to 2014.2.4 (juno), and 2015.1....