Denial Of Service (DoS)

KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Two integer overfl...

Denial Of Service (DoS)

The openstack-neutron packages provide Openstack Networking neutron, the virtual network service. OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual...

Authentication Bypass

The openstack-heat packages provide heat, a Python implementation of the OpenStack Orchestration engine, to launch multiple composite cloud applications based on templates. It was found that heat did not properly enforce cloudformation-compatible API policy rules. An in-instance attacker could us...

Information Disclosure

OpenStack Networking neutron is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as th...

Infomation Disclosure

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Privilege Escalation

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Denial Of Service (DoS)

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...

Authorization Bypass

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain acces...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A flaw was found in the way the Nova VNC proxy handled console tokens. In some cases, a console token that was valid for one virtual machi...

Authorization Bypass

openstack-nova is vulnerable to authorization bypass. It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. An authenticated user could use this flaw to bypass intended restrictions, allowing them t...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible...

Denial Of Service (DoS)

The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0657, did not fully correct the issues in the Extensible...

Denial Of Service (DoS)

The openstack-cinder packages provide OpenStack Volume Cinder, which provides services to manage and access block storage volumes for use by virtual machine instances. It was found that the fixes for CVE-2013-1664 and CVE-2013-1665, released via RHSA-2013:0658, did not fully correct the issues in...

Encryption And Signing Bypass

python-keystoneclient is vulnerable to Encryption and Signing Bypass. A flaw was found in the way python-keystoneclient verified data from memcached. Even when the memcachesecuritystrategy setting in /etc/swift/proxy-server.conf was set to MAC to perform signature checking, an attacker on the loc...

XML External Entity (XXE)

The openstack-nova packages provide OpenStack Compute code name Nova, which provides services for provisioning, managing, and using virtual machine instances. A denial of service flaw was found in the Extensible Markup Language XML parser used by Nova. A remote attacker could use this flaw to sen...

Privilege Escalation

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

Arbitrary Code Execution

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

Authorization Bypass

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

Privilege Escalation

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. The openstack-keystone packages have been upgraded to upstream version 2012.1.3, which provides a number of bug fixes and...