EUVD-2014-0623

Malware in sbrugna...

SUSE CVE-2012-3551

Cross-site scripting XSS vulnerability in crowbarframework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils...

SUSE CVE-2014-0592

Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

SUSE CVE-2016-6829

The trove service user in 1 Openstack deployment aka crowbar-openstack and 2 Trove Barclamp aka barclamp-trove and crowbar-barclamp-trove in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

SUSE-SU-2016:3056-1 Security update for crowbar-barclamp-trove

This update for crowbar-barclamp-trove fixes the following issues: - Fix initial migration and schema revision. - Set the trove service password to random. bsc991729, CVE-2016-6829...

SUSE-SU-2015:1890-1 Security update for openstack-neutron and crowbar-barclamp-neutron

This update provides security fixes and improvements for openstack-neutron and crowbar-barclamp-neutron. crowbar-barclamp-neutron: - Add infoblox support. - Add configurations required to support DHCP relay. - Create 'floating' network as 'flat' provider network. bsc946882 - Fix search for Nova...

SUSE-RU-2015:1730-1 Recommended update for various Crowbar barclamps and OpenStack components

This update provides fixes and enhancements for various Crowbar barclamps and OpenStack components. crowbar-barclamp-ceilometer: - Do not assume ceilometer-agent-hyperv is listed in elements. bsc937117 crowbar-barclamp-cinder: - Fix hideShow toggle of passwordfield in backends. bsc919963...

CVE-2014-0592

Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

Security feature bypass

Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

CVE-2014-0592

Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

CVE-2014-0592

CVE-2014-0592 concerns Barclamp (aka barclamp-network) version 1.7 used in SUSE Cloud 3. It reports that the Crowbar Framework component does not enable netfilter on bridges when creating new instances, allowing remote attackers to bypass security group restrictions via unspecified vectors relate...

Cross site scripting

Cross-site scripting XSS vulnerability in crowbarframework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils...

CVE-2012-3537

CVE-2012-3537 affects the Crowbar project’s Crowbar Deployer, specifically the Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb). The vulnerability is due to insecure handling of temporary files and predictable file names, enabling local users to execute arbitrary shell commands....

CVE-2012-3537

The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...

CVE-2012-3551

CVE-2012-3551 is an XSS vulnerability in the Crowbar barclamp, specifically in crowbar_framework/app/views/support/index.html.haml. The flaw allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils, affecting Crowbar versions possibly 1.4 and earlier. The co...