7799 matches found
CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
UBUNTU-CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
CVE-2016-9590
CVE-2016-9590 affects puppet-swift (used by Red Hat OpenStack Platform director to install Object Storage). Root cause: during installation the Puppet script deploys the service and incorrectly removes and then recreates proxy-server.conf with world-readable permissions, enabling information disc...
CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf...
puppet-tripleo unauthorized access vulnerability
puppet-tripleo is an open source tool for installing, upgrading and operating on OpenStack. A security vulnerability exists in puppet-tripleo versions prior to 5.5.0 and prior to 6.2.0. The vulnerability can be exploited by an attacker to create TCP/UDP rules with the help of empty port values to...
SUSE-RU-2018:1071-1 Recommended update for several crowbar barclamps
This update for Crowbar provides several fixes and improvements for the following barclamps: crowbar-openstack: - nova: Use internal placement url bsc1055188 - nova: Subscribe to placement config bsc1055188 - barbican: Add missing roles used in policy.json bsc1081573 - barbican: Add creator role...
openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...
Moderate: Red Hat Security Advisory: openstack-tripleo-common and openstack-tripleo-heat-templates update
An update for openstack-tripleo-common and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Privilege escalation
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
CVE-2017-8187 affects Huawei FusionSphere OpenStack V100R006C00SPC102 (NFV). The root cause is improper privilege restrictions that could allow a high-privileged attacker to obtain other users’ certificates, enabling privilege escalation. The NVD reports a base CVSSv3 score of 7.2 (HIGH) with net...
Moderate: Red Hat Security Advisory: openstack-nova and python-novaclient security, bug fix, and enhancement update
An update for openstack-nova and python-novaclient is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
Design/Logic Flaw
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...