CentOS 6 : libvirt (CESA-2014:1873)
Updated libvirt packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
RHEL 6 : libvirt (RHSA-2014:1873)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1873 advisory. The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In...
Scientific Linux Security Update : libvirt on SL6.x i386/x86_64 (20141118)
An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune function looked up the disk index in a non-persistent live disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could u...
Ubuntu 14.04 LTS : OpenStack Neutron vulnerability (USN-2408-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2408-1 advisory. Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this t...
Ubuntu: Security Advisory (USN-2405-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-2408-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : OpenStack Cinder vulnerabilities (USN-2405-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2405-1 advisory. Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS or Smbfs drivers. A remote authenticated...
Ubuntu: Security Advisory (USN-2406-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-2407-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2407-1 advisory. Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMware driver. A remote authenticated...
Ubuntu: Security Advisory (USN-2407-1)
The remote host is missing an update for the...
USN-2408-1: OpenStack Neutron vulnerability
Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this to bypass intended access controls and reset admin-only attributes to default values...
USN-2408-1 neutron vulnerability
Elena Ezhova discovered that OpenStack Neutron did not properly perform access control checks for attributes. A remote authenticated attacker could exploit this to bypass intended access controls and reset admin-only attributes to default values...
USN-2407-1: OpenStack Nova vulnerabilities
Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMware driver. A remote authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMware driver. (CVE-2014-3608) Amrith Kumar discovere...
USN-2407-1 nova vulnerabilities
Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMware driver. A remote authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMware driver. (CVE-2014-3608) Amrith Kumar discovere...
USN-2406-1: OpenStack Keystone vulnerability
Brant Knudson discovered that OpenStack Keystone did not properly perform input sanitization when performing endpoint catalog substitution. A remote attacker with privileged access for creating endpoints could exploit this to obtain sensitive information...
USN-2405-1 cinder vulnerabilities
Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS or Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. (CVE-2014-3641) Amrith Kumar discovered that OpenStack Cinder di...
USN-2405-1: OpenStack Cinder vulnerabilities
Duncan Thomas discovered that OpenStack Cinder did not properly track the file format when using the GlusterFS or Smbfs drivers. A remote authenticated user could exploit this to potentially obtain file contents from the compute host. (CVE-2014-3641) Amrith Kumar discovered that OpenStack Cinder di...
RHEL 6 : Storage Server (RHSA-2014:0409)
Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Storage 2.1. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating...
CVE-2014-0204
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
DEBIAN-CVE-2014-0204
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...