Difference between revisions of "SecurityAdvisories/Diablo"
m (Text replace - "__NOTOC__" to "") |
|||
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | ||
− | + | = Diablo Security Advisories = | |
+ | |||
+ | {| border="1" cellpadding="2" cellspacing="0" | ||
+ | | Product | ||
+ | | Openstack Security Advisory | ||
+ | | CVE Number | ||
+ | | Title | ||
+ | | Impact | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg06105.html 2011-001] | ||
+ | | 2011-4596 | ||
+ | | Path traversal issues registering malicious images using EC2 API | ||
+ | | High | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg06648.html 2012-001] | ||
+ | | 2012-0030 | ||
+ | | Tenant bypass by authenticated users using [[OpenStack]] API | ||
+ | | Critical | ||
+ | |- | ||
+ | | Keystone | ||
+ | | [https://lists.launchpad.net/openstack/msg09193.html 2012-002] | ||
+ | | 2012-1572 | ||
+ | | Extremely long passwords can crash Keystone | ||
+ | | High | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg09311.html 2012-003] | ||
+ | | 2012-1585 | ||
+ | | Long server names grow nova-api log files significantly | ||
+ | | High | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg10268.html 2012-005] | ||
+ | | 2012-2101 | ||
+ | | No quota enforced on security group rules | ||
+ | | High | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg12883.html 2012-007] | ||
+ | | 2012-2654 | ||
+ | | Security groups fail to be set correctly | ||
+ | | Medium | ||
+ | |- | ||
+ | |rowspan=2 |Nova | ||
+ | |rowspan=2 |[https://lists.launchpad.net/openstack/msg14089.html 2012-008] | ||
+ | | [https://bugs.launchpad.net/bugs/cve/2012-3360 2012-3360] | ||
+ | |rowspan=2 |Arbitrary file injection/corruption through directory traversal issues | ||
+ | |rowspan=2 |Critical | ||
+ | |- | ||
+ | |- | ||
+ | | Nova | ||
+ | | [https://lists.launchpad.net/openstack/msg15549.html 2012-011] | ||
+ | | [https://bugs.launchpad.net/bugs/cve/2012-3447 2012-3447] | ||
+ | | Compute node filesystem injection/corruption | ||
+ | | Critical |
Latest revision as of 23:30, 17 February 2013
Diablo Security Advisories
Product | Openstack Security Advisory | CVE Number | Title | Impact |
Nova | 2011-001 | 2011-4596 | Path traversal issues registering malicious images using EC2 API | High |
Nova | 2012-001 | 2012-0030 | Tenant bypass by authenticated users using OpenStack API | Critical |
Keystone | 2012-002 | 2012-1572 | Extremely long passwords can crash Keystone | High |
Nova | 2012-003 | 2012-1585 | Long server names grow nova-api log files significantly | High |
Nova | 2012-005 | 2012-2101 | No quota enforced on security group rules | High |
Nova | 2012-007 | 2012-2654 | Security groups fail to be set correctly | Medium |
Nova | 2012-008 | 2012-3360 | Arbitrary file injection/corruption through directory traversal issues | Critical |
Nova | 2012-011 | 2012-3447 | Compute node filesystem injection/corruption | Critical |