7799 matches found
CVE-2014-7231
The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
CVE-2014-7230
CVE-2014-7230 affects OpenStack components (oslo-incubator, Cinder, Nova, Trove). The vulnerability arises in processutils.execute where certain commands that trigger a ProcessExecutionError may write passwords to logs, allowing local attackers to read them. Mitigations involve upgrading to upstr...
CVE-2014-3641
The CVE-2014-3641 issue affects OpenStack Cinder’s GlusterFS and Linux SMBFS drivers prior to 2014.1.3, enabling remote authenticated users to disclose file data from the Cinder-volume host by cloning and attaching a volume with a malicious qcow2 header. Public references note the remediation: up...
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
CVE-2014-3641
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
CVE-2014-7231
The strutils.maskpassword function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
PT-2014-5432 · Linux Foundation +3 · Smbfs +4
Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions prior to 2014.1.3 Description: The issue allows remote authenticated users to obtain file data from the Cinder-volume host. This is achieved by cloning and attaching a volume with a crafted qcow2 header, exploiting t...
CVE-2014-3641
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
UBUNTU-CVE-2014-3641
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
UBUNTU-CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
Design/Logic Flaw
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability...
CVE-2014-3632
The CVE-2014-3632 issue affects the OpenStack Neutron package in Red Hat Enterprise Linux OpenStack Platform 5.0 on RHEL6, where a default sudoers configuration in the openstack-neutron package before 2014.1.2-4 allows privilege escalation via a crafted configuration file. This is a regression li...
CVE-2014-3632
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability...
CVE-2014-3632
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability...
PT-2014-5430 · Openstack · Openstack Neutron
Name of the Vulnerable Software and Affected Versions: openstack-neutron versions prior to 2014.1.2-4 Description: The default configuration in the sudoers file allows remote attackers to gain privileges via a crafted configuration file. This issue exists due to a regression. Recommendations: For...
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
DEBIAN-CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
CVE-2014-3608
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...
Design/Logic Flaw
The VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: thi...