7799 matches found
DEBIAN-CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
CVE-2017-18191
CVE-2017-18191 - OpenStack Nova: In OpenStack Nova 15.x (up to 15.1.0) and 16.x (up to 16.1.1), detaching and reattaching an encrypted volume can allow an attacker to access the underlying raw volume and corrupt the LUKS header, causing a denial of service on the compute host (data loss is noted ...
CVE-2017-18191
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. The same code error...
PT-2018-6722 · Openstack +2 · Openstack Nova +2
Name of the Vulnerable Software and Affected Versions: OpenStack Nova versions 15.x through 15.1.0 OpenStack Nova versions 16.x through 16.1.1 Description: An issue in OpenStack Nova allows an attacker to access the underlying raw volume and corrupt the LUKS header by detaching and reattaching an...
openstack-aodh: Aodh can be used to launder Keystone trusts
A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious us...
Moderate: Red Hat Security Advisory: openstack-aodh security update
An update for openstack-aodh is now available for Red Hat OpenStack Platform 11.0 Ocata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
An update for openstack-nova is now available for Red Hat OpenStack Platform 11.0 Ocata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
An update for openstack-nova is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Meltdown and Spectre Attacks | Cloud Foundry
Severity Advisory/Critical Description Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a maliciou...
[SECURITY] Fedora 27 Update: heketi-5.0.1-1.fc27
Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will...
[SECURITY] Fedora 26 Update: heketi-5.0.1-1.fc26
Heketi provides a RESTful management interface which can be used to manage the life cycle of GlusterFS volumes. With Heketi, cloud services like OpenStack Manila, Kubernetes, and OpenShift can dynamically provision GlusterFS volumes with any of the supported durability types. Heketi will...
World Readable Data
tripleo-heat-templates contains a world readable data vulnerability. The library does not set the proper permissions during the creation of the ceph.client.openstack.keyring, allowing a local user to access the keyring to read or modify data. This vulnerability only affects setups with openstack...
CVE-2017-15321
Huawei FusionSphere OpenStack V100R006C000SPC102 NFV has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak...
CVE-2017-15321
Huawei FusionSphere OpenStack V100R006C000SPC102 NFV has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak...
Design/Logic Flaw
Huawei FusionSphere OpenStack V100R006C000SPC102 NFV has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak...
CVE-2017-15321
Huawei FusionSphere OpenStack V100R006C000SPC102 NFV has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak...
CVE-2017-15321
Huawei FusionSphere OpenStack (FSO) on V100R006C000SPC102 (NFV) is affected by an information disclosure vulnerability caused by the default use of a low-version transport protocol, allowing an attacker to intercept transmitted packets. The CVE entry CVE-2017-15321 is documented with an impact of...
openstack-tripleo-heat-templates package information disclosure vulnerability
The openstack-triple-heat-templates package is a set of generic template packages that support installation, upgrades, and other operations on the Openstack platform using the Openstack Cloud Facility. A security vulnerability exists in the openstack-tripleo-heat-templates package that stems from...
CVE-2017-12155
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...