7044 matches found
OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image
OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...
OpenStack Nova Router metadata queries are not restricted by tenant
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...
OpenStack Identity Keystone Privilege Escalation vulnerability
The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...
SOAPpy vulnerable to XML External Entity attacks
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...
SOAPpy vulnerable to XXE attacks
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted SOAP request containing a large number of nested entity references...
OpenStack Swift allows authenticated users to cause a denial of service
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...
Tryton Directory Traversal vulnerability
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...
OpenStack Nova uses insecure keystone middleware tmpdir by default
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
OpenStack Neutron Improper Authentication vulnerability
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
OpenStack Compute Nova Folsom, Grizzly, and Havana, when usecowimages is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by transferring an image with a large virtual size that does not contai...
Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...
Web2py Reflected XSS vulnerability
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user admin...
OpenStack Glance improper validation of the image_size_cap configuration option
OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...
OpenStack Glance Bypass the storage quota and Denial of service
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...
OpenStack Image Service (Glance) vulnerable to Improper Access Control
OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...
OpenStack Swift Cross-site Scriping vulnerability
Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...
OpenStack Neutron Intended MAC-spoofing protection mechanism bypass
The IPTables firewall in OpenStack Neutron up to 7.0.4 and 8.x before 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via 1 a crafted DHCP discovery message or 2 crafted non-IP traffic...
OpenStack Nova denial of service through compressed disk images
OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
OpenStack Object Storage Swift before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service proxy-server resource consumption via a series of interrupted requests to a Large Object URL...
OpenStack Neutron Race condition vulnerability
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
OpenStack Object Storage Swift before 2.3.1 Kilo, 2.4.x, and 2.5.x before 2.5.1 Liberty do not properly close server connections, which allows remote attackers to cause a denial of service proxy-server resource consumption via a series of interrupted requests to a Large Object URL...
OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...
Web2py Cross-Site Request Forgery vulnerability
Web2py versions 2.14.5 and below was affected by CSRF Cross Site Request Forgery vulnerability, which allows an attacker to trick a logged-in administrator into performing unwanted actions i.e An attacker can trick a victim into disable the installed application just by visiting a URL...
Cobbler vulnerable to code injection via unsafe YAML loading
The setmgmtparameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safeload function, as demonstrated using Puppet...
OpenStack Cinder file disclosure in image convert
OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...
OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests
The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for 1 addrules, 2 removerules, 3 destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...
OpenStack Glance Server-Side Request Forgery (SSRF)
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...
Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks
scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
OpenStack Object Storage (Swift) Sensitive Data Exposure
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
Matrix Synapse DoS
Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 263 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...
OpenStack Heat template URL information leakage
OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...
Loggerhead XSS via filename
Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...
ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack
ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...
Openstack DBaaS (Trove) Improper Link Resolution Before File Access
The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...
OpenStack Horizon Cross-site Scripting (XSS)
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
OpenStack Swift metadata constraints are not correctly enforced
OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...
OpenStack Swift Unauthorized delete of versioned Swift object
OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...
eyeD3 is vulnerable to arbitrary file modification via symlink attack
tag.py in eyeD3 aka python-eyed3 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file...
OpenStack Nova Denial of Service in network source security groups
Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...
Cobbler Path Traversal vulnerability
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...
OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message...
OpenStack Nova Multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...
OpenStack Nova Long server names grow nova-api log files significantly
OpenStack Compute Nova Essex before 2011.3 allows remote authenticated users to cause a denial of service Nova-API log file and disk consumption via a long server name...
OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...