7715 matches found
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
PT-2013-3405
Name of the Vulnerable Software and Affected Versions Red Hat OpenStack PackStack versions 2012.2.3 Description The issue allows local users to modify deployed systems by changing the answer file, which can be created in insecure directories such as /tmp or the current working directory...
Fedora 18 : openstack-keystone-2012.2.3-5.fc18 (2013-4590)
Fix online revocation check for PKI tokens CVE-2013-1865 Add openssl dependency for PKI tokens Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Important: Red Hat Security Advisory: puppet security update
Updated puppet packages that fix several security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix two security issues and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
keystone: online validation of Keystone PKI tokens bypasses revocation check
OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...
Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update
Updated openstack-glance packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Glance: Backend credentials leak in Glance v1 API
The v1 API in OpenStack Glance Essex 2012.1, Folsom 2012.2, and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image...
DEBIAN-CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
DEBIAN-CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
Code injection
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...