CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...

CVE-2014-9623

OpenStack Glance (Image Service) CVE-2014-9623 affects 2014.2.x through 2014.2.1, 2014.1.3 and earlier, allowing remote authenticated users to bypass storage quota and cause disk DoS by deleting an image in the saving state. Root cause is an incomplete fix that permitted quota bypass during uploa...

CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...

OpenStack Image Registry Delivery Service Arbitrary File Manipulation Vulnerability

The OpenStack Image Registry Delivery Service is an OpenStack project that stores, queries, and retrieves virtual machine images. An arbitrary file manipulation vulnerability exists in OpenStack Image Registry Delivery Service versions prior to 2014.1.4, and 2014.2.x versions prior to 2014.2.2,...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

DEBIAN-CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

Design/Logic Flaw

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVE-2015-1195

The CVE-2015-1195 issue concerns OpenStack Image Registry Delivery Service (Glance) V2 API where versions prior to 2014.1.4 and 2014.2.x prior to 2014.2.2 allow an authenticated remote user to read or delete arbitrary files via a full pathname in a filesystem:// URL in the image location property...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

openSUSE Security Update : openstack-dashboard (openSUSE-SU-2015:0078-1)

OpenStack Dashboard was updated to fix bugs and security issues. Full changes : - Update to version horizon-2013.2.5.dev2.g9ee7273 : - fix Horizon login page DOS attack bnc908199, CVE-2014-8124 - update version to 2013.2.5 - Updated from global requirements - Pin docutils to 0.9.1 - Set python ha...

SUSE-SU-2015:0324-1 Security update for openstack-nova

This update for openstack-nova provides stability fixes from the upstream OpenStack project: Add @retryondeadlock to instanceupdate Fix nova-compute start issue after evacuate Fix nova evacuate issues for RBD Add wrapdberror support to SessionTransaction.commit Fixes DoS issue in instance list ip...

Oracle Solaris Third-Party Patch Update : horizon (cve_2014_3594_cross_site)

The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting XSS vulnerability in the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject...

Oracle Solaris Third-Party Patch Update : glance (cve_2014_5356_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, whic...

Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...

Oracle Solaris Third-Party Patch Update : neutron (cve_2014_6414_unauthenticated_access)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. CVE-2014-6414 %NASLMINLEVEL 70300 C...

Oracle Solaris Third-Party Patch Update : nova (multiple_vulnerabilities_in_nova)

The remote Solaris system is missing necessary patches to address security updates : - The VMWare driver in OpenStack Compute Nova 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)

The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...