Jump to: navigation, search

Difference between revisions of "SecurityAdvisories/Diablo"

 
m (Text replace - "__NOTOC__" to "")
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
__NOTOC__
+
 
To be completed
+
= Diablo Security Advisories =
 +
 
 +
{| border="1" cellpadding="2" cellspacing="0"
 +
| Product
 +
| Openstack Security Advisory
 +
| CVE Number
 +
| Title
 +
| Impact
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg06105.html 2011-001]
 +
| 2011-4596
 +
| Path traversal issues registering malicious images using EC2 API
 +
| High
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg06648.html 2012-001]
 +
| 2012-0030
 +
| Tenant bypass by authenticated users using [[OpenStack]] API
 +
| Critical
 +
|-
 +
| Keystone
 +
| [https://lists.launchpad.net/openstack/msg09193.html 2012-002]
 +
| 2012-1572
 +
| Extremely long passwords can crash Keystone
 +
| High
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg09311.html 2012-003]
 +
| 2012-1585
 +
| Long server names grow nova-api log files significantly
 +
| High
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg10268.html 2012-005]
 +
| 2012-2101
 +
| No quota enforced on security group rules
 +
| High
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg12883.html 2012-007]
 +
| 2012-2654
 +
| Security groups fail to be set correctly
 +
| Medium
 +
|-
 +
|rowspan=2 |Nova
 +
|rowspan=2 |[https://lists.launchpad.net/openstack/msg14089.html 2012-008]
 +
| [https://bugs.launchpad.net/bugs/cve/2012-3360 2012-3360]
 +
|rowspan=2 |Arbitrary file injection/corruption through directory traversal issues
 +
|rowspan=2 |Critical
 +
|-
 +
|-
 +
| Nova
 +
| [https://lists.launchpad.net/openstack/msg15549.html 2012-011]
 +
| [https://bugs.launchpad.net/bugs/cve/2012-3447 2012-3447]
 +
| Compute node filesystem injection/corruption
 +
| Critical

Latest revision as of 23:30, 17 February 2013

Diablo Security Advisories

Product Openstack Security Advisory CVE Number Title Impact
Nova 2011-001 2011-4596 Path traversal issues registering malicious images using EC2 API High
Nova 2012-001 2012-0030 Tenant bypass by authenticated users using OpenStack API Critical
Keystone 2012-002 2012-1572 Extremely long passwords can crash Keystone High
Nova 2012-003 2012-1585 Long server names grow nova-api log files significantly High
Nova 2012-005 2012-2101 No quota enforced on security group rules High
Nova 2012-007 2012-2654 Security groups fail to be set correctly Medium
Nova 2012-008 2012-3360 Arbitrary file injection/corruption through directory traversal issues Critical
Nova 2012-011 2012-3447 Compute node filesystem injection/corruption Critical