CVE-2015-1195

The CVE-2015-1195 issue concerns OpenStack Image Registry Delivery Service (Glance) V2 API where versions prior to 2014.1.4 and 2014.2.x prior to 2014.2.2 allow an authenticated remote user to read or delete arbitrary files via a full pathname in a filesystem:// URL in the image location property...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

openSUSE Security Update : openstack-dashboard (openSUSE-SU-2015:0078-1)

OpenStack Dashboard was updated to fix bugs and security issues. Full changes : - Update to version horizon-2013.2.5.dev2.g9ee7273 : - fix Horizon login page DOS attack bnc908199, CVE-2014-8124 - update version to 2013.2.5 - Updated from global requirements - Pin docutils to 0.9.1 - Set python ha...

SUSE-SU-2015:0324-1 Security update for openstack-nova

This update for openstack-nova provides stability fixes from the upstream OpenStack project: Add @retryondeadlock to instanceupdate Fix nova-compute start issue after evacuate Fix nova evacuate issues for RBD Add wrapdberror support to SessionTransaction.commit Fixes DoS issue in instance list ip...

Oracle Solaris Third-Party Patch Update : horizon (cve_2014_3594_cross_site)

The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting XSS vulnerability in the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject...

Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...

Oracle Solaris Third-Party Patch Update : glance (cve_2014_5356_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, whic...

Oracle Solaris Third-Party Patch Update : neutron (cve_2014_6414_unauthenticated_access)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. CVE-2014-6414 %NASLMINLEVEL 70300 C...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)

The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...

Oracle Solaris Third-Party Patch Update : nova (multiple_vulnerabilities_in_nova)

The remote Solaris system is missing necessary patches to address security updates : - The VMWare driver in OpenStack Compute Nova 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_7144_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the 'insecure' option is set in a paste configuration paste.ini file...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

Code injection

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

UBUNTU-CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The CVE-2014-8153 entry affects the L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2 when using radvd 2.0+. A remote authenticated user can cause a denial of service (blocked router update processing) by creating eight routers and assigning an IPv6 non-provider subnet to each. Connected adv...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

Moderate: Red Hat Security Advisory: openstack-neutron security update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...