openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template

Cross-site scripting XSS vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard aka Horizon 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...

Low: Red Hat Security Advisory: python-django-horizon security update

Updated python-django-horizon packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

foreman-installer: insecure defaults

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

Moderate: Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update

An updated openstack-foreman-installer package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

openstack-neutron: insufficient authorization checks when creating ports

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

Moderate: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability...

openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation

No description is available for this CVE...

[SECURITY] Fedora 20 Update: openstack-neutron-2013.2.3-7.fc20

Neutron is a virtual network service for Openstack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services e.g.,...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

DEBIAN-CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

Design/Logic Flaw

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

CVE-2014-3801

OpenStack Heat (Orchestration) vulnerability CVE-2014-3801 affects Heat 2013.2 through 2013.2.3 and 2014.1, where creating a stack for a template using a provider template could let remote authenticated users obtain the provider template URL via the resource-type-list. The Red Hat advisory RHSA-2...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

UBUNTU-CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

Fedora Update for openstack-glance FEDORA-2014-5198

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...

CVE-2013-4471

The Identity v3 API in OpenStack Dashboard Horizon before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user...