Redhat Openstack vulnerabilities

CVE-2014-9623 [MEDIUM] CWE-399 CVE-2014-9623: OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9493 [MEDIUM] CWE-264 CVE-2014-9493: The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 al The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

CVE-2014-7821 [MEDIUM] CWE-20 CVE-2014-7821: OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

CVE-2014-3615 [LOW] CWE-200 CVE-2014-3615: The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a hi The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

CVE-2014-3708 [MEDIUM] CWE-399 CVE-2014-3708: OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated us OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

CVE-2014-8333 [MEDIUM] CWE-399 CVE-2014-8333: The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to c The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

CVE-2014-7231 [LOW] CWE-200 CVE-2014-7231: The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove b The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

CVE-2014-7230 [LOW] CWE-200 CVE-2014-7230: The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2 The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

CVE-2014-3621 [MEDIUM] CWE-200 CVE-2014-3621: The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014. The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

CVE-2014-4615 [MEDIUM] CWE-200 CVE-2014-4615: The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

CVE-2013-6470 [MEDIUM] CWE-287 CVE-2013-6470: The default configuration in the standalone controller quickstack manifest in openstack-foreman-inst The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

CVE-2014-0040 [MEDIUM] CVE-2014-0040: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4. OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

CVE-2014-0041 [MEDIUM] CWE-310 CVE-2014-0041: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4. OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

CVE-2014-0042 [MEDIUM] CWE-310 CVE-2014-0042: OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4. OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

CVE-2014-0071 [MEDIUM] CWE-264 CVE-2014-0071: PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neu PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

CVE-2013-6393 [MEDIUM] CWE-119 CVE-2013-6393: The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cas The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

CVE-2013-6491 [MEDIUM] CWE-310 CVE-2013-6491: The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SS The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

CVE-2013-6391 [MEDIUM] CWE-269 CVE-2013-6391: The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehou The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

CVE-2013-4214 [MEDIUM] CWE-59 CVE-2013-4214: rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

CVE-2013-2029 [MEDIUM] CWE-59 CVE-2013-2029: nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.