7799 matches found
CVE-2014-8333
The VMware driver in OpenStack Compute Nova before 2014.1.4 allows remote authenticated users to cause a denial of service disk consumption by deleting an instance in the resize state...
CVE-2014-8333
CVE-2014-8333 affects the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4. An authenticated user can trigger a denial-of-service (disk consumption) by deleting an instance that is in the resize state, causing backend resource exhaustion. Remediation reported in associated advisories: ...
CVE-2014-3708
CVE-2014-3708 affects OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1. The vulnerability arises from how an IP filter is processed in the list active servers API request, allowing remote authenticated users to cause a denial of service (CPU consumption). Public advisories (R...
CVE-2014-3708
OpenStack Compute Nova before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service CPU consumption via an IP filter in a list active servers API request...
CVE-2014-8333
The VMware driver in OpenStack Compute Nova before 2014.1.4 allows remote authenticated users to cause a denial of service disk consumption by deleting an instance in the resize state...
PT-2014-5463 · Openstack · Openstack Compute
Name of the Vulnerable Software and Affected Versions: OpenStack Compute Nova versions prior to 2014.1.4 OpenStack Compute Nova versions 2014.2.x prior to 2014.2.1 Description: The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by exploiting an...
CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
Cross site request forgery (csrf)
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
CVE-2014-3520
CVE-2014-3520 affects OpenStack Identity (Keystone) where, in V2 API trust handling, a remote authenticated trustee can gain access to an unauthorized project by supplying the project ID in a trust token request. Affected versions include Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno...
CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
openstack-glance: Glance store disk space exhaustion
It was discovered that the imagesizecap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service...
Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update
Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which giv...
Moderate: Red Hat Security Advisory: openstack-neutron security and bug fix update
Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
Important: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...
openstack-nova: Nova VMware driver may connect VNC to another tenant's console
A race condition flaw was found in the way the nova VMware driver handled VNC port allocation. An authenticated user could use this flaw to gain unauthorized console access to instances belonging to other tenants by repeatedly spawning new instances. Note that only nova setups using the VMware...
Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: openstack-packstack security, bug fix, and enhancement update
Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...