7799 matches found
PYSEC-2015-40
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3219
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3219
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3219
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3219
CVE-2015-3219 is a cross-site scripting (XSS) vulnerability in OpenStack Horizon’s Horizon Orchestration/Stack UI. The flaw allows an attacker to inject script via the description parameter in a heat template, due to improper handling in the Field class’s help_text. Affected: OpenStack Dashboard ...
CVE-2015-3219
Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
DEBIAN-CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
PYSEC-2015-39
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
Code injection
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
PYSEC-2015-39
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
OpenStack Glance is affected by CVE-2015-5163 in the 2015.1.x line prior to 2015.1.2 (kilo). The V2 API allows remote authenticated users to read arbitrary files via a crafted qcow2 backing file during image import. The issue arises from how a backing file is processed and file content is read, e...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
CVE-2015-5163
The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...
PT-2015-6790 · Openstack · Openstack Image Service
Name of the Vulnerable Software and Affected Versions: OpenStack Image Service Glance versions 2015.1.x before 2015.1.2 kilo Description: The issue allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image when using the V2 API. Recommendations: For...
Important: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having an Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
openstack-glance: Glance v2 API host file disclosure through qcow2 backing file
A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected by this flaw...
CVE-2015-3289
OpenStack Glance before 2015.1.1 kilo allows remote authenticated users to cause a denial of service disk consumption by repeatedly using the import task flow API to create images and then deleting them...