openstack-neutron: MAC source address spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

openstack-neutron: DHCP spoofing vulnerability

Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests...

Low: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

An update for openstack-neutron is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

DEBIAN-CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

DEBIAN-CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

Cross site scripting

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

Code injection

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

UBUNTU-CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

CVE-2016-4428

OpenStack Horizon (Dashboard) is affected by an XSS vulnerability (CVE-2016-4428) present in Horizon 8.0.1 and earlier and 9.0.0–9.0.1. The issue arises from injecting an AngularJS template into a dashboard form, allowing a remote authenticated user to inject arbitrary script/HTML. Impact reporte...

CVE-2016-4985

CVE-2016-4985 affects the OpenStack Ironic project, specifically the ironic-api service. The vulnerability allows an attacker with network access to the ironic-api to bypass authentication and retrieve full details of a registered node by knowing the node’s MAC address and sending a crafted POST ...

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...

CVE-2016-4985

The ironic-api service in OpenStack Ironic before 4.2.5 Liberty and 5.x before 5.1.2 Mitaka allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the...

CVE-2016-4428

Cross-site scripting XSS vulnerability in OpenStack Dashboard Horizon 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...