EUVD-2014-0623

Malware in sbrugna...

SUSE CVE-2012-3551

Cross-site scripting XSS vulnerability in crowbarframework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils...

SUSE CVE-2014-0592

Barclamp aka barclamp-network 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

Default credentials

The trove service user in 1 Openstack deployment aka crowbar-openstack and 2 Trove Barclamp aka barclamp-trove and crowbar-barclamp-trove in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors...

CVE-2016-6829

The CVE-2016-6829 vulnerability affects the Crowbar/OpenStack deployment components (crowbar-openstack and Crowbar’s Trove-related barclamps). The issue is a default password used by the trove service user, enabling remote access via unspecified vectors. Multiple connected sources confirm the roo...

CVE-2014-0592

CVE-2014-0592 concerns Barclamp (aka barclamp-network) version 1.7 used in SUSE Cloud 3. It reports that the Crowbar Framework component does not enable netfilter on bridges when creating new instances, allowing remote attackers to bypass security group restrictions via unspecified vectors relate...