7798 matches found

Cvelist
added 2014/10/02 2:0 p.m., 37 views

CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...

AI score 6 | EPSS 0.02089
Exploits 0 | References 7

Cvelist
added 2014/10/02 2:0 p.m., 48 views

CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

AI score 6.1 | EPSS 0.01948
Exploits 0 | References 8

CVE
added 2014/10/02 2:0 p.m., 84 views

CVE-2014-3621

CVE-2014-3621 affects OpenStack Keystone (identity service). The issue is a catalog URL replacement in Keystone that, when processing endpoints, can disclose sensitive configuration by crafting the publicurl field (demonstrated via $(admin_token)). Affected releases include Keystone before 2013.2...

CVSS 4 | AI score 5.8 | EPSS 0.02109
Exploits 1 | References 6 | Affected Software 1

CVE
added 2014/10/02 2:0 p.m., 76 views

CVE-2014-7144

OpenStack keystonemiddleware/python-keystoneclient (0.x <0.11.0; 1.x

CVSS 4.3 | AI score 6.2 | EPSS 0.01948
Exploits 0 | References 8 | Affected Software 2

CVE
added 2014/10/02 2:0 p.m., 66 views

CVE-2014-6414

Summary: CVE-2014-6414 affects OpenStack Neutron; remote authenticated users could reset admin network attributes to default values due to insufficient access control in Neutron prior to 2014.2.4 (and before 2014.1.2 in the 2014.1 line). This could lead to misconfiguration or deni...

CVSS 4 | AI score 6.1 | EPSS 0.02089
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2014/10/02 2:0 p.m., 22 views

CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...

CVSS 4 | AI score 6.1 | EPSS 0.02089
Exploits 0

Debian CVE
added 2014/10/02 2:0 p.m., 18 views

CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3 | AI score 6 | EPSS 0.01948
Exploits 0

Debian CVE
added 2014/10/02 2:0 p.m., 17 views

CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field...

CVSS 4 | AI score 5.8 | EPSS 0.02109
Exploits 1

UbuntuCve
added 2014/10/02 12:0 a.m., 28 views

CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...

CVSS 4 | AI score 5.9 | EPSS 0.02089
Exploits 0 | References 4

UbuntuCve
added 2014/10/02 12:0 a.m., 31 views

CVE-2014-7144

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

CVSS 4.3 | AI score 5.9 | EPSS 0.01948
Exploits 0 | References 5

OSV
added 2014/10/02 12:0 a.m., 1 view

UBUNTU-CVE-2014-6414

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors...

CVSS 4 | AI score 5.8 | EPSS 0.02089
Exploits 0 | References 5

UbuntuCve
added 2014/10/02 12:0 a.m., 26 views

CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field...

CVSS 4 | AI score 5.9 | EPSS 0.02109
Exploits 1 | References 3

OSV
added 2014/10/02 12:0 a.m., 1 view

UBUNTU-CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field...

CVSS 4 | AI score 5.8 | EPSS 0.02109
Exploits 1 | References 4

RedHat Linux
added 2014/09/30 6:0 p.m., 2 views

openstack-horizon: persistent XSS in Horizon Host Aggregates interface

A persistent cross-site scripting (XSS) flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user...

CVSS 3.5 | AI score 5.5 | EPSS 0.02053
Exploits 1 | References 4

RedHat Linux
added 2014/09/30 6:0 p.m., 61 views

Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update

Updated python-django-horizon packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scori...

CVSS 3.5 | AI score 5.6 | EPSS 0.02053
Exploits 1 | References 2

RedHat Linux
added 2014/09/30 5:18 p.m., 3 views

openstack-horizon: persistent XSS in Horizon Host Aggregates interface

A persistent cross-site scripting (XSS) flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user...

CVSS 3.5 | AI score 5.5 | EPSS 0.02053
Exploits 1 | References 4

RedHat Linux
added 2014/09/30 5:18 p.m., 66 views

Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update

Updated python-django-horizon packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scori...

CVSS 3.5 | AI score 5.6 | EPSS 0.02053
Exploits 1 | References 4

RedHat Linux
added 2014/09/30 5:13 p.m., 1 view

openstack-glance: Glance store disk space exhaustion

It was discovered that the image_size_cap configuration option in glance was not honored. An authenticated user could use this flaw to upload an image to glance and consume all available storage space, resulting in a denial of service...

CVSS 4 | AI score 5.8 | EPSS 0.02127
Exploits 0 | References 4

RedHat Linux
added 2014/09/30 5:13 p.m., 26 views

Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update

Updated openstack-glance packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System...

CVSS 4 | AI score 5.8 | EPSS 0.02127
Exploits 0 | References 4

RedHat Linux
added 2014/09/30 5:13 p.m., 34 views

Moderate: Red Hat Security Advisory: openstack-glance security and bug fix update

Updated openstack-glance packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring Syst...

CVSS 4 | AI score 5.9 | EPSS 0.02127
Exploits 0 | References 5