Red Hat OpenStack vulnerabilities
209 known vulnerabilities affecting redhat/openstack.
Total CVEs: 209
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 63, MEDIUM 112, LOW 11
Vulnerabilities
Page 11 of 11
CVE-2013-4386 | HIGH | CVSS 7.5 | v3.0 | CWE-89 | 2013-11-20
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
nvd
CVE-2013-4185 | MEDIUM | CVSS 4.0 | v3.0 | CWE-310 | 2013-10-29
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large numbe
nvd
CVE-2013-4261 | LOW | CVSS 3.5 | v3.0 | CWE-119 | 2013-10-29
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the c
nvd
CVE-2013-4222 | MEDIUM | CVSS 6.5 | v3.0 | CWE-522 | 2013-09-30
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
nvd
CVE-2013-4182 | HIGH | CVSS 7.5 | v3.0 | CWE-264 | 2013-09-16
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
nvd
CVE-2013-4180 | MEDIUM | CVSS 5.0 | v3.0 | CWE-20 | 2013-09-16
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
nvd
CVE-2013-2882 | HIGH | CVSS 7.5 | v3.0 | CWE-843 | 2013-07-31
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
nvd
CVE-2013-2121 | MEDIUM | CVSS 6.0 | PoC | v3.0 | CWE-94 | 2013-07-31
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
nvd
CVE-2013-2113 | MEDIUM | CVSS 6.0 | PoC | v3.0 | CWE-264 | 2013-07-31
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.
nvd