7799 matches found
Security Advisory - Buffer Overflow vulnerability in the FusionSphere OpenStack
The GaussDB of the FusionSphere OpenStack has a stack overflow vulnerability due to the lack of input validation on some parameters. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...
Security feature bypass
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
PYSEC-2017-21
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
PYSEC-2017-21
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 suffers a security-bypass due to incorrect veth-pair naming when applying Neutron security group rules to instances. The flaw allows remote attackers to bypass intended security restrictions. No explicit patch/version remediation is provided in the sources; e.g., ...
CloudForms: UI security issue on Openstack actions
A number of unused delete routes are present in CloudForms which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protectfromforgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting o...
Foreman CVE-2017-2672 Information Disclosure Vulnerability
Foreman is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman";...
OpenStack Horizon Cross-Site Scripting Vulnerability (CNVD-2017-05503)
OpenStack is a cloud platform management project. Horizon is a dashboard project that provides users and administrators with a web-based user interface for managing OpenStack services. A cross-site scripting vulnerability exists in OpenStack Horizon versions 9.x through 9.1.1, 10.x through 10.0.2...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
Design/Logic Flaw
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
DEBIAN-CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
UBUNTU-CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
CVE-2017-7400
CVE-2017-7400 affects OpenStack Horizon (9.x–11.0.0). A cross-site scripting (XSS) flaw allows remote authenticated administrators to inject malicious script via a crafted federation mapping. Affected horizon components include the dashboard UI; exploitation requires federation mapping to be enab...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...