7716 matches found
DEBIAN-CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
Design/Logic Flaw
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
CVE-2013-4428
CVE-2013-4428 affects the OpenStack Image Registry and Delivery Service (Glance) in the Folsom/Grizzly line before 2013.1.4 and Havana before 2013.2. The issue is a flaw in the download_image policy enforcement for cached system images: after an image is cached by an authorized download, any auth...
CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
USN-2005-1: Cinder vulnerabilities
Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. CVE-2013-4183 Grant Murphy discovered that Cinder would allow XML entity processing. A remote...
USN-2004-1: python-glanceclient vulnerability
Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a machine-in-the-middle attack...
USN-2003-1: Glance vulnerability
Stuart McLaren discovered that Glance did not properly enforce the 'downloadimage' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting...
USN-2001-1: Swift vulnerability
Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption...
CVE-2013-4428
OpenStack Image Registry and Delivery Service Glance Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the downloadimage policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image...
Foreman Red Hat OpenStack bookmarks Code Injection (CVE-2013-2121)
A remote code execution vulnerability has been reported in ForemanRed Hat OpenStack. The vulnerability is due to improper sanitization of certain parameters. A remote attacker can exploit this issue by sending a specially crafted packet to the target server. Successful exploitation would allow an...
CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
DEBIAN-CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
Design/Logic Flaw
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
CVE-2013-4222
CVE-2013-4222 affects OpenStack Keystone (Folsom, Grizzly 2013.1.3 and earlier, Havana before havana-3). The vulnerability arises because Keystone does not properly revoke user tokens when a tenant is disabled, allowing remote authenticated users to continue accessing resources via their tokens. ...
CVE-2013-4222
OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...