Oracle Solaris Third-Party Patch Update : horizon (cve_2014_3594_cross_site)

The remote Solaris system is missing necessary patches to address security updates : - Cross-site scripting XSS vulnerability in the Host Aggregates interface in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject...

Oracle Solaris Third-Party Patch Update : neutron (cve_2014_6414_unauthenticated_access)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. CVE-2014-6414 %NASLMINLEVEL 70300 C...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_7144_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the 'insecure' option is set in a paste configuration paste.ini file...

Oracle Solaris Third-Party Patch Update : glance (cve_2014_5356_permissions_privileges)

The remote Solaris system is missing necessary patches to address security updates : - OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, whic...

Oracle Solaris Third-Party Patch Update : keystone (cve_2014_2828_authentication_issues)

The remote Solaris system is missing necessary patches to address security updates : - The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authenticati...

Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

Code injection

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

UBUNTU-CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

CVE-2014-8153

The CVE-2014-8153 entry affects the L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2 when using radvd 2.0+. A remote authenticated user can cause a denial of service (blocked router update processing) by creating eight routers and assigning an IPv6 non-provider subnet to each. Connected adv...

CVE-2014-8153

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service blocked router update processing by creating eight routers and assigning an ipv6 non-provider subnet to each...

Moderate: Red Hat Security Advisory: openstack-neutron security update

Updated openstack-neutron packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

openstack-neutron: DoS via maliciously crafted dns_nameservers

A denial of service flaw was found in the way neutron handled the 'dnsnameservers' parameter. By providing specially crafted 'dnsnameservers' values, an authenticated user could use this flaw to crash the neutron service...

OpenStack Neutron Local Denial of Service Vulnerability

OpenStack is a cloud computing software developed by NASA and Rackspace. A local denial of service vulnerability exists in OpenStack Neutron, which can be exploited by an attacker to cause a denial of service...

Moderate: Red Hat Security Advisory: python-keystoneclient security update

Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...

DEBIAN-CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property...