Ubuntu Update for nova USN-1497-1

Ubuntu Update for Linux kernel vulnerabilities USN-1497-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14971.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for nova USN-1497-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu 11.10 / 12.04 LTS : nova vulnerabilities (USN-1497-1)

Matthias Weckbecker discovered that, when using the OpenStack API to setup libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubun...

[SECURITY] Fedora 17 Update: openstack-nova-2012.1-10.fc17

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

[SECURITY] Fedora 16 Update: openstack-nova-2011.3.1-10.fc16

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

CVE-2012-2654

The 1 EC2 and 2 OS APIs in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restriction...

CVE-2012-2101

Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...

Hardcoded credentials

Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...

USN-1466-1: Nova vulnerability

It was discovered that, when defining security groups in Nova using the EC2 or OS APIs, specifying the network protocol e.g. 'TCP' in the incorrect case would cause the security group to not be applied correctly. An attacker could use this to bypass Nova security group restrictions...

CVE-2012-2094

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

Cross site scripting

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

PYSEC-2012-33

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

CVE-2012-2094

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

CVE-2012-2094

Cross-site scripting XSS vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard Horizon folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

[SECURITY] Fedora 17 Update: python-django-horizon-2012.1-3.fc17

Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...

[USN-1439-1] Horizon vulnerabilities

========================================================================== Ubuntu Security Notice USN-1439-1 May 07, 2012 horizon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

USN-1439-1: Horizon vulnerabilities

Matthias Weckbecker discovered a cross-site scripting XSS vulnerability in Horizon via the log viewer refrash mechanism. If a user were tricked into viewing a specially crafted log message, a remote attacker could exploit this to modify the contents or steal confidential data within the same...

[SECURITY] Fedora 17 Update: openstack-nova-2012.1-2.fc17

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 17 : openstack-nova-2012.1-2.fc17 (2012-6273)

Sync up with Essex stable branch - Support more flexible guest image file injection - Enforce quota on security group rules CVE-2012-2101 - Provide startup scripts for the Essex VNC services - Provide a startup script for the separated metadata api service update to essex release Note that...