7799 matches found

RedHat Linux
added 2015/12/21 4:44 p.m., 0 views

python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value

It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networki...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01651
Exploits: 0 | References: 4

CNVD
added 2015/12/17 12:0 a.m., 3 views

OpenStack Ironic Security Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Ironic is a component that provides bare-metal and virtual machine hypervisor interaction. A security bypass vulnerability exists in OpenStack Ironic. An attacker...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.01577
Exploits: 0 | References: 1

Openbugbounty
added 2015/12/13 11:33 p.m., 7 views

wiki.openstack.org XSS vulnerability

Vulnerable URL: https://wiki.openstack.org/w/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSSPOSED%27%29%3E

Details:
Patched: Yes, at 26.07.2017
Latest check for patch: 26.07.2017 11:07 GMT
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa...

AI score: 6.3
Exploits: 0

OSV
added 2015/12/07 2:44 p.m., 6 views

SUSE-SU-2015:2220-1 Security update for openstack-nova and openstack-neutron

This update for openstack-nova and openstack-neutron provides various fixes and improvements.

openstack-nova:
- Fix instance filtering. bsc927625
- Remove error messages from multipath command output before parsing. bsc949529
- Fix live-migration usage of the wrong connector information.
- Added...

CVSS: 6.8 | AI score: 4.9 | EPSS: 0.11342
Exploits: 0 | References: 17

OSV
added 2015/12/07 2:22 p.m., 6 views

SUSE-SU-2015:2219-1 Security update for openstack-nova

This update for openstack-nova provides various fixes and improvements:
- Fix regression where launched instances in tenants not visible for other users. bsc927625
- Remove error messages from multipath command output before parsing. bsc949529
- Fix live-migration usage of the wrong connector...

CVSS: 6.8 | AI score: 4.8 | EPSS: 0.0367
Exploits: 0 | References: 11

seebug.org
added 2015/11/27 12:0 a.m., 26 views

OpenStack Swift-on-File Arbitrary Code Execution Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/11/27 12:0 a.m., 13 views

OpenStack Glance Security Bypass Vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

CNVD
added 2015/11/26 12:0 a.m., 4 views

OpenStack Glance Security Bypass Vulnerability

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Glance is a project that stores, queries and retrieves virtual machine images. A security bypass vulnerability exists in OpenStack Glance, which can be exploited by ...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.01176
Exploits: 0 | References: 1

CNVD
added 2015/11/26 12:0 a.m., 2 views

OpenStack Swift-on-File Arbitrary Code Execution Vulnerability

OpenStack is an open source project developed by NASA and Rackspace in collaboration to provide software for building and managing public and private clouds. An arbitrary code execution vulnerability exists in OpenStack Swift-on-File, which allows an authenticated remote user to execute arbitrary...

CVSS: 6 | AI score: 8.2 | EPSS: 0.0223
Exploits: 0 | References: 1

OSV
added 2015/11/25 8:59 p.m., 5 views

CVE-2015-5306

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

AI score: 7.2
Exploits: 0 | References: 4

NVD
added 2015/11/25 8:59 p.m., 14 views

CVE-2015-5306

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.01585
Exploits: 0 | References: 4

NVD
added 2015/11/25 8:59 p.m., 30 views

CVE-2015-5242

OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...

CVSS: 6 | AI score: 7.2 | EPSS: 0.0223
Exploits: 0 | References: 4

Prion
added 2015/11/25 8:59 p.m., 15 views

Code injection

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS: 6.8 | AI score: 7.9 | EPSS: 0.01585
Exploits: 0 | References: 4

OSV
added 2015/11/25 8:59 p.m., 26 views

PYSEC-2015-28

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.01585
Exploits: 0 | References: 5

PyPA
added 2015/11/25 8:59 p.m., 7 views

PYSEC-2015-28

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.01585
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2015/11/25 8:59 p.m., 15 views

Code injection

OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...

CVSS: 6 | AI score: 7.7 | EPSS: 0.0223
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/11/25 8:0 p.m., 34 views

CVE-2015-5242

OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...

AI score: 7.2 | EPSS: 0.0223
Exploits: 0 | References: 4

Cvelist
added 2015/11/25 8:0 p.m., 41 views

CVE-2015-5306

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

AI score: 7.2 | EPSS: 0.01585
Exploits: 0 | References: 4

CVE
added 2015/11/25 8:0 p.m., 65 views

CVE-2015-5242

CVE-2015-5242 affects OpenStack Swift-on-File (swiftonfile). The issue arises from loading metadata with Python’s pickle without proper restrictions, enabling a remote authenticated user to execute arbitrary code via crafted xattrs. Documented impact is remote code execution on the storage node; ...

CVSS: 6 | AI score: 7.4 | EPSS: 0.0223
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2015/11/25 8:0 p.m., 81 views

CVE-2015-5306

CVE-2015-5306 affects OpenStack Ironic Inspector (ironic-inspector/ironic-discoverd). When Flask debug mode is enabled, an error can expose the Flask debug console, potentially allowing a remote attacker to execute arbitrary Python code. The vulnerability is documented in OSV and Red Hat advisori...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.01585
Exploits: 0 | References: 4 | Affected Software: 1