7799 matches found
CVE-2016-2140
The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
CVE-2016-2140
CVE-2016-2140 concerns OpenStack Nova’s libvirt driver. When using raw storage with use_cow_images = false, crafted qcow2 headers could allow a remote authenticated user to read arbitrary files on the host via an ephemeral or root disk. The issue affects OpenStack Compute (Nova) releases prior to...
CVE-2016-2140
The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
CVE-2016-2140
The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
Red Hat Enterprise Linux OpenStack Platform Information Disclosure Vulnerability
Red Hat Enterprise Linux OpenStack Platform is an open source IaaS Infrastructure-as-a-Service solution from Red Hat, Inc. The solution supports the creation and management of private, public, and hybrid clouds.TripleO Heat templates tripleo-heat-templates is a set of tools for describing a sampl...
UBUNTU-CVE-2016-2140
The libvirt driver in OpenStack Compute Nova before 2015.1.4 kilo and 12.0.x before 12.0.3 liberty, when using raw storage and usecowimages is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk...
CVE-2015-5329
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
Default credentials
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
Code injection
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5329
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
CVE-2015-5303
The CVE-2015-5303 entry concerns TripleO Heat templates (tripleo-heat-templates). When deployed from the CLI, it allows remote attackers to spoof OpenStack Networking metadata requests by exploiting knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. The vulnerabilit...
APITest.IO: SSRF on testing endpoint
Synopsis The form at https://www.apitest.io/request accepts among others the "url" parameter. This feature allows to reach internal services like the OpenStack metadata server or services running on loopback. Identified services http://0x7f.1/ nginx = "If you see this page, the nginx web server i...
SUSE-SU-2016:0739-1 Security update for openstack-trove
This update for openstack-trove fixes the following issues: - Fix multiple insecure /tmp file usage issues bsc929535, CVE-2015-3156...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory
Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...