CVE-2014-0041

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVE-2014-0040

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

DEBIAN-CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

DEBIAN-CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

Design/Logic Flaw

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...

Design/Logic Flaw

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

Default configuration

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

Default configuration

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, is affected. The issue arises when heat-templates configures Yum repositories with sslverify set to false, effectively disabling SSL verification and allowing man-in-the-middle attackers to inte...

CVE-2013-6470

The CVE-2013-6470 entry concerns the default configuration of the standalone controller quickstack manifest in openstack-foreman-installer used with Red Hat Enterprise Linux OpenStack Platform 4.0. The root cause is that the Qpid service is configured without authentication by default, allowing r...

CVE-2014-0040

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...