7799 matches found
UBUNTU-CVE-2015-7548
OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty, when using libvirt to spawn instances and usecowimages is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot...
openstack-nova: Unprivileged API user can access host data using instance snapshot
A flaw was discovered in the OpenStack Compute nova snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...
Important: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0, and 7.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
openstack-nova: Unprivileged API user can access host data using instance snapshot
A flaw was discovered in the OpenStack Compute nova snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw...
Important: Red Hat Security Advisory: openstack-nova security advisory
Updated openstack-nova packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
OpenStack qemu-imge security bypass vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. OpenStack qemu-imge is one of the installation images. A security bypass vulnerability exists in OpenStack qemu-imge. An attacker could use this vulnerability to...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory
Updated openstack-nova packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives...
Swift-on-File Remote Denial of Service Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. Swift-on-File a.k.a. Swiftonfile is one of the services used to scale a Swift clusters and migrate data from different storage backends. A...
OpenStack Nova Local Information Disclosure Vulnerability (CNVD-2015-08535)
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud computing construct controllers written in Python. It is part of the IaaS system. A local information disclosure...
[SECURITY] Fedora 23 Update: openstack-swift-plugin-swift3-1.9-1.fc23
The swift3 plugin permits accessing Openstack Swift via the Amazon S3 API...
openstack-ironic-discoverd: potential remote code execution with debug mode enabled
It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console effectively, a command shell...
Important: Red Hat Security Advisory: openstack-ironic-discoverd security update
Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
Moderate: Red Hat Security Advisory: openstack-nova secuity and bug fix advisory
Updated OpenStack Compute packages that resolve one security issue and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory
Updated OpenStack Compute packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7. OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
openstack-tripleo-heat-templates: Using hardcoded rabbitmq credentials regardless of supplied values
A flaw was found in the director openstack-tripleo-heat-templates where the RabbitMQ credentials defaulted to guest/guest and supplied values in the configuration were not used. As a result, all deployed overclouds used the same credentials guest/guest. A remote non-authenticated attacker could u...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update
Updated packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...