7746 matches found
CVE-2015-3988
OpenStack Horizon vulnerability CVE-2015-3988 involves multiple XSS flaws in the Horizon dashboard (OpenStack Dashboard), exploitable when metadata is supplied to Glance images, Nova flavors, or Host Aggregates. Affected software is OpenStack Horizon (version 2015.1.0) with remote authentication ...
OpenStack Horizon Metadata Panel HTML Injection Vulnerability
Horizon is a web control panel for managing and controlling OpenStack services. An HTML injection vulnerability exists in the OpenStack Horizon metadata panel. Allowing an attacker to steal cookie-based authentication credentials and execute HTML or JavaScript code on an affected website...
CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
DEBIAN-CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
UBUNTU-CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
Default configuration
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
CVE-2015-3646
CVE-2015-3646 affects OpenStack Keystone: the backend_argument option content could be logged in Keystone logs, enabling remote authenticated users to obtain passwords and other sensitive backend data. Publicly documented affected ranges: Keystone before 2014.1.5 and 2014.2.x before 2014.2.4. The...
CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
CVE-2015-3646
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backendargument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
OpenStack Keystone Cache Backend Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. An information disclosure...
Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory
Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...
openstack-glance: potential resource exhaustion and denial of service using images manipulation API
Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion...
Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update
Updated openstack-glance packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which giv...
openstack-glance: potential resource exhaustion and denial of service using images manipulation API
Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion...
OpenStack s3_token encryption issue vulnerability
OpenStack Keystone is a collaboration between the National Aeronautics and Space Administration NASA and Rackspace, Inc. to develop a project for authentication that provides identity, token, directory, and policy services.OpenStack keystonemiddleware formerly known as python-keystoneclient is on...
OpenStack Object Storage Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. OpenStack Object Storage a.k.a. Swift is one of these programs used to storage project for storing permanent static data. A security...
Fedora Update for openstack-neutron FEDORA-2015-5997
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : openstack-neutron-2013.2.4-8.fc20 (2015-5997)
2013.2.4 rebase; CVE-2014-7821 fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...