OpenStack Neutron Denial of Service Vulnerability (CNVD-2015-04539)

OpenStack Neutron is a networking module for OpenStack that accommodates a large number of plug-ins that handle integration with other networking services. A denial-of-service vulnerability exists in OpenStack Neutron, which allows attackers to exploit this vulnerability to crash applications and...

OpenStack Nova Denial of Service Vulnerability (CNVD-2015-04540)

OpenStack Compute Nova is a cloud computing construct controller written in Python and is part of a laaS system. A denial of service vulnerability exists in OpenStack Nova, which allows attackers to exploit this vulnerability to launch denial of service attacks...

Fedora Update for openstack-glance FEDORA-2015-6169

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openstack-cinder: Host file disclosure through qcow2 backing file

A flaw was found in the OpenStack Block Storage cinder upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host...

Important: Red Hat Security Advisory: openstack-cinder security and bug fix update

Updated openstack-cinder packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 and 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score,...

OpenStack Cinder Information Disclosure Vulnerability (CNVD-2015-04083)

Cinder is OpenStack's chunked storage service. A security vulnerability exists in OpenStack Cinder, which can be exploited by an authenticated remote user to read arbitrary files by using a constructed graphical qcow2 signature within the upload-to-image command...

DEBIAN-CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

Command injection

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

CVE-2015-1851

OpenStack Cinder contains a vulnerability (CVE-2015-1851) where remote authenticated users could read arbitrary files via a crafted qcow2 header in the upload-to-image command. Affected series include OpenStack Cinder releases up to 2014.1.5 (icehouse), 2014.2.x up to 2014.2.4 (juno), and 2015.1....

CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

UBUNTU-CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

CVE-2015-1851

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

OpenStack Horizon Cross-Site Scripting Vulnerability

OpenStack is a cloud platform management project.Horizon is a dashboard project that provides users and administrators with a Web-based user interface for managing OpenStack services. A cross-site scripting vulnerability exists in OpenStack Horizon, which allows remote attackers to exploit the...

Debian DSA-3292-1 : cinder - security update

Bastian Blank from credativ discovered that cinder, a storage-as-a-service system for the OpenStack cloud computing suite, contained a bug that would allow an authenticated user to read any file from the cinder server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

[SECURITY] [DSA 3292-1] cinder security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3292-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 19, 2015 https://www.debian.org/security/faq -...

OpenStack cinder privilege escalation

Authorized user can access any files...

[SECURITY] [DSA 3292-1] cinder security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3292-1 [email protected] https://www.debian.org/security/ Sebastien Delafond June 19, 2015 https://www.debian.org/security/faq -...