OpenStack Horizon Orchestration Dashboard栈模版描述字段存储型跨站脚本漏洞

CVE ID:CVE-2014-0157 OpenStack Horizon用于为所有OpenStack服务提供一个模块化的基于页面的用户接口。 OpenStack Horizon Orchestration dashboard没有校验栈模版的描述符字段输入，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被查看时，可获取敏感信息或劫持用户会话。 0 OpenStack Horizon 2013.2 OpenStack Horizon 2013.2.3 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： https://review.openstack.org/86054...

Important: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which give...

Fedora Update for openstack-keystone FEDORA-2014-4210

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2014-4210 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora Update for openstack-keystone FEDORA-2014-4210

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 19 : openstack-keystone-2013.1.5-2.fc19 (2014-4210)

updated to stable grizzly 2013.1.5 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEV...

[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.5-2.fc19

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update

Updated python-django-horizon packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base...

openstack: horizon multiple XSS vulnerabilities.

Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...

openstack-nova: XenAPI security groups not kept through migrate or resize

The XenAPI backend in OpenStack Compute Nova Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups 1 when resizing an image or 2 during live migration, which allows remote attackers to bypass intended restrictions...

Nova: insecure directory permissions in snapshots

OpenStack Compute Nova Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

Swift: TempURL timing attack

The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Moderate: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

nova: qpid SSL configuration

The python-qpid client common/rpc/implqpid.py in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpidprotocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network...

Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform 3 Bug Fix and Enhancement Advisory

Updated packages for Red Hat Enterprise Linux OpenStack Platform 3.0 Grizzly, which fix bugs and add enhancements, are now available. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...

Fedora Update for openstack-nova FEDORA-2014-4188

Check for the Version of openstack-nova OpenVAS Vulnerability Test Fedora Update for openstack-nova FEDORA-2014-4188 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

Fedora Update for openstack-nova FEDORA-2014-4188

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 19 : openstack-nova-2013.1.5-1.fc19 (2014-4188)

Update to stable/grizzly release 2013.1.5 - Keep XenAPI security groups through migrate and resize - CVE-2013-4497 - Secure directory permissions in snapshots - CVE-2013-7048 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...

[SECURITY] Fedora 19 Update: openstack-nova-2013.1.5-1.fc19

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...