7746 matches found
CVE-2014-0056
CVE-2014-0056 affects OpenStack Neutron l3-agent (2012.2 before 2013.2.3). The tenant-id is not checked when creating ports, which allows remote authenticated users to connect ports to the routers of arbitrary tenants via the device-id in a port-create command. CVSSv2 base score 2.1 (LOW), attack...
CVE-2014-0134
OpenStack Nova 2013.2 (before 2013.2.3) and Icehouse (before 2014.1) are vulnerable when using libvirt to spawn images with use_cow_images=false: remote authenticated users could read certain compute host files by overwriting an instance disk with a crafted image. The affected component...
CVE-2014-0134
The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...
[USN-2208-2] OpenStack Quantum vulnerability
Ubuntu Security Notice USN-2208-2, May 06, 2014: quantum vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[USN-2208-1] OpenStack Cinder vulnerability
Ubuntu Security Notice USN-2208-1, May 06, 2014: cinder vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Ubuntu 12.10 : quantum vulnerability (USN-2208-2)
USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote...
[USN-2206-1] OpenStack Horizon vulnerability
Ubuntu Security Notice USN-2206-1, May 06, 2014: horizon vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
Ubuntu 12.10 : cinder vulnerability (USN-2208-1)
JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubunt...
[USN-2193-1] OpenStack Glance vulnerability
Ubuntu Security Notice USN-2193-1, May 05, 2014: glance vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
OpenStack multiple security vulnerabilities
Glance code execution, Neutron and Swift unauthorized access, Horizon cross-site scripting, Quantum / Cinder / Oslo information leakage...
[USN-2194-1] OpenStack Neutron vulnerability
Ubuntu Security Notice USN-2194-1, May 05, 2014: neutron vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[USN-2207-1] OpenStack Swift vulnerability
Ubuntu Security Notice USN-2207-1, May 06, 2014: swift vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Ubuntu 12.04 LTS / 12.10 / 13.10 : swift vulnerability (USN-2207-1)
Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients. Note that Tenable Network...
Ubuntu 13.10 : horizon vulnerability (USN-2206-1)
Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...
USN-2208-2: OpenStack Quantum vulnerability
USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. Original advisory details: JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol i...
USN-2208-1: OpenStack Cinder vulnerability
JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to view sensitive information...
USN-2207-1: OpenStack Swift vulnerability
Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...
USN-2206-1: OpenStack Horizon vulnerability
Cristian Fiorentino discovered that OpenStack Horizon did not properly perform input sanitization for Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user...
Ubuntu 13.10 : neutron vulnerability (USN-2194-1)
Aaron Rosen discovered that OpenStack Neutron did not properly perform authorization checks when creating ports when using plugins relying on the l3-agent. A remote authenticated attacker could exploit this to access the network of other tenants. Note that Tenable Network Security has extracted t...