
7747 matches found

OSV
added 2014/06/17 12:0 a.m. | 3 views

UBUNTU-CVE-2013-1068

The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...

CVSS 5 | AI score 5.8 | EPSS 0.00222
Exploits 0 | References 5

OSV
added 2014/06/17 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 5.8 | EPSS 0.00721
Exploits 1 | References 4

UbuntuCve
added 2014/06/17 12:0 a.m. | 33 views

CVE-2013-1068

The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...

CVSS 5 | AI score 5.9 | EPSS 0.00222
Exploits 0 | References 4

Tenable Nessus
added 2014/06/13 12:0 a.m. | 39 views

openSUSE Security Update : openstack-swift (openSUSE-SU-2013:1146-1)

This update of openstack-swift fixes a security vulnerability. - Add CVE-2013-2161.patch: fix unchecked user input in Swift XML responses CVE-2013-2161, bnc824286.

CVSS 7.5 | AI score 5.3 | EPSS 0.00329
Exploits 0 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 21 views

openSUSE Security Update : openstack-nova (openSUSE-SU-2013:1087-1)

This update of openstack-nova fixes a security vulnerability. - Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir by default CVE-2013-2030, bnc819349. - Use explicit keystone-signing dir to workaround lp1181157.

CVSS 2.1 | AI score 5.3 | EPSS 0.00035
Exploits 0 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 34 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0565-1)

Openstack keystone was updated to version 2012.2.4+git.1363796849.255b1d4 : + validate from backend lp1129713, bnc809590, CVE-2013-1865

CVSS 6.8 | AI score 5.3 | EPSS 0.01162
Exploits 0 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 57 views

openSUSE Security Update : openstack (openSUSE-2013-237)

The Openstack Stack components were updated to Folsom level as of March 5th. Changes in openstack-cinder : - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc802278. - Update cinder-config-update.diff:...

CVSS 6.5 | AI score 8.2 | EPSS 0.03938
Exploits 3 | References 12

Tenable Nessus
added 2014/06/13 12:0 a.m. | 33 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0949-1)

OpenStack Keystone was updated to fix bnc818596, CVE-2013-2059: Keystone tokens not immediately invalidated when user is deleted.

CVSS 6 | AI score 6.6 | EPSS 0.00908
Exploits 1 | References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 30 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)

This update of openstack-keystone fixes two security vulnerabilities. - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation CVE-2013-2104, bnc821201 - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend CVE-2013-2157, bnc823783

CVSS 5.5 | AI score 5.3 | EPSS 0.0065
Exploits 0 | References 5

NVD
added 2014/06/02 3:55 p.m. | 13 views

CVE-2014-0041

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVSS 4.3 | AI score 6.5 | EPSS 0.00357
Exploits 0 | References 4

NVD
added 2014/06/02 3:55 p.m. | 12 views

CVE-2014-0040

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

CVSS 4.3 | AI score 6.5 | EPSS 0.00357
Exploits 1 | References 4

NVD
added 2014/06/02 3:55 p.m. | 16 views

CVE-2014-0042

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

CVSS 4.3 | AI score 6.7 | EPSS 0.00357
Exploits 1 | References 4

NVD
added 2014/06/02 3:55 p.m. | 22 views

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVSS 7.6 | AI score 6.5 | EPSS 0.01608
Exploits 0 | References 4

OSV
added 2014/06/02 3:55 p.m. | 5 views

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

AI score 6.5
Exploits 0 | References 4

NVD
added 2014/06/02 3:55 p.m. | 15 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

CVSS 5 | AI score 7.1 | EPSS 0.0028
Exploits 0 | References 2

OSV
added 2014/06/02 3:55 p.m. | 1 views

DEBIAN-CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

CVSS 7.6 | AI score 7.3 | EPSS 0.01608
Exploits 0 | References 1

NVD
added 2014/06/02 3:55 p.m. | 17 views

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...

CVSS 5 | AI score 6.5 | EPSS 0.02372
Exploits 0 | References 6

OSV
added 2014/06/02 3:55 p.m. | 1 views

DEBIAN-CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...

CVSS 5 | AI score 6.5 | EPSS 0.02372
Exploits 0 | References 1

OSV
added 2014/06/02 3:55 p.m. | 6 views

CVE-2013-2014

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...

AI score 6.4
Exploits 0 | References 8

Prion
added 2014/06/02 3:55 p.m. | 25 views

Design/Logic Flaw

OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...

CVSS 5 | AI score 7 | EPSS 0.02372
Exploits 0 | References 6 | Affected Software 2