CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
22 Jun 2016 — Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cu... • http://www.debian.org/security/2016/dsa-3617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 1CVE-2015-8914 – openstack-neutron: ICMPv6 source address spoofing vulnerability
https://notcve.org/view.php?id=CVE-2015-8914
17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. El firewall IPTables en OpenStack Neutron en versiones anteriores a 7.0.4 y 8.0.0 hasta la versión 8.1.0 permite a atacantes remotos eludir un mecanismo destinado a la protección ICMPv6-spoofing y consecuentemente causar una denegación de servi... • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •
CVSS: 8.2EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5362 – openstack-neutron: DHCP spoofing vulnerability
https://notcve.org/view.php?id=CVE-2016-5362
17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. El firewall IPTables en OpenStack Neutron en versiones anteriores a 7.0.4 y 8.0.0 hasta la versión 8.1.0 permite a atacantes remotos eludir un mecanismo destinado a la protección DHCP-spoofing y consecuentemente causar una denegación de serv... • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •
CVSS: 8.2EPSS: 1%CPEs: 7EXPL: 0CVE-2016-5363 – openstack-neutron: MAC source address spoofing vulnerability
https://notcve.org/view.php?id=CVE-2016-5363
17 Jun 2016 — The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. El firewall IPTables en OpenStack Neutron en versiones anteriores a 7.0.4 y 8.0.0 hasta la versión 8.1.0 permite a atacantes remotos eludir un mecanismo de protección destinado a suplantar una MAC y consecuen... • http://www.openwall.com/lists/oss-security/2016/06/10/5 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-2140 – openstack-nova: Host data leak through resize/migration
https://notcve.org/view.php?id=CVE-2016-2140
08 Mar 2016 — The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. El controlador libvirt en OpenStack Compute (Nova) en versiones anteriores a 2015.1.4 (kilo) y 12.0.x en versiones anteriores a 12.0.3 (liberty), cuando usa almacenamiento en bruto y use_cow_images está establecido a false, permite ... • http://www.openwall.com/lists/oss-security/2016/03/08/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0757 – openstack-glance: Glance image status manipulation through locations
https://notcve.org/view.php?id=CVE-2016-0757
29 Feb 2016 — OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image. OpenStack Image Service (Glance) en versiones anteriores a 2015.1.3 (kilo) y 11.0.x en versiones anteriores a 11.0.2 (liberty), cuando show_multiple_locations está habilitado, permiten a usuarios remotos autenticados cambiar el estado de imagen y cargar ... • http://rhn.redhat.com/errata/RHSA-2016-0309.html • CWE-284: Improper Access Control CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7546
https://notcve.org/view.php?id=CVE-2015-7546
03 Feb 2016 — The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStac... • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2016-0737 – openstack-swift: Client to proxy DoS through Large Objects
https://notcve.org/view.php?id=CVE-2016-0737
29 Jan 2016 — OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. OpenStack Object Storage (Swift) en versiones anteriores a 2.4.0 no cierra correctamente las conexionen del cliente, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos del servidor proxy) a través de una serie de peticiones inte... • http://rhn.redhat.com/errata/RHSA-2016-0128.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 0CVE-2016-0738 – openstack-swift: Proxy to server DoS through Large Objects
https://notcve.org/view.php?id=CVE-2016-0738
29 Jan 2016 — OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. OpenStack Object Storage (Swift) en versiones anteriores a 2.3.1 (Kilo), 2.4.x y 2.5.x en versiones anteriores a 2.5.1 (Liberty) no cierra correctamente las conexiones de servidor, lo que permite a atacantes remotos causa... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2015-5295 – openstack-heat: Vulnerability in Heat template validation leading to DoS
https://notcve.org/view.php?id=CVE-2015-5295
20 Jan 2016 — The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. El comando template-validate en OpenStack Orchestration API (Heat) en versiones anteriores a 2015.1.3 (kilo) y 5.0.x en versiones anteriores a 5.0.1 (liberty) permite a usuarios remotos au... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •