155 matches found
CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image...
CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image...
PT-2016-3669 · Openstack +2 · Openstack Nova +4
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions 7.0.0 through 7.0.1 and 8.0.0 through 8.1.1 and prior to 9.0.0 OpenStack Glance versions prior to 11.0.1 and 12.0.0 and prior to 14.0.0 OpenStack Nova versions prior to 12.0.4 and 13.0.0 Description: The image parser...
CVE-2015-5162
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image...
Low: Red Hat Security Advisory: mod_proxy_fcgi and ceph security and bug fix update
Updated modproxyfcgi and ceph packages that fix one security issue and several bugs are now available for CentOS 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Fedora 21 : openstack-cinder-2014.1.4-2.fc21 (2015-10254)
Fix CVE-2015-1851 RHBZ 1231822 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora Update for openstack-cinder FEDORA-2015-10254
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openstack-cinder: Host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...
OpenStack Cinder Information Disclosure Vulnerability (CNVD-2015-04083)
Cinder is OpenStack's chunked storage service. A security vulnerability exists in OpenStack Cinder, which can be exploited by an authenticated remote user to read arbitrary files by using a constructed graphical qcow2 signature within the upload-to-image command...
DEBIAN-CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
UBUNTU-CVE-2015-1851
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
[USN-2405-1] OpenStack Cinder vulnerabilities
========================================================================== Ubuntu Security Notice USN-2405-1 November 11, 2014 cinder vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 14.04 LTS : OpenStack Cinder vulnerabilities (USN-2405-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2405-1 advisory. Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated...
USN-2405-1 cinder vulnerabilities
Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS of Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. CVE-2014-3641 Amrith Kumar discovered that OpenStack Cinder di...
openstack-cinder: Cinder-volume host data leak to virtual machine instance
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
Fedora 21 : openstack-cinder-2014.1.3-1.fc21 (2014-12417)
Fix CVE-2014-3641 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...
Important: Red Hat Security Advisory: openstack-packstack security, bug fix, and enhancement update
Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
DEBIAN-CVE-2014-3641
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
PT-2014-5432 · Linux Foundation +3 · Smbfs +4
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions prior to 2014.1.3 Description: The issue allows remote authenticated users to obtain file data from the Cinder-volume host. This is achieved by cloning and attaching a volume with a crafted qcow2 header, exploiting t...