rpm package
suse/openstack-ceilometer&distro=SUSE OpenStack Cloud 6
pkg:rpm/suse/openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4428 | Med | 5.4 | | < 5.0.4~a0~dev6-6.1 | 5.0.4~a0~dev6-6.1 | Jul 12, 2016 | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. |
| CVE-2016-5363 | Hig | 8.2 | | < 5.0.4~a0~dev6-6.1 | 5.0.4~a0~dev6-6.1 | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) |
| CVE-2016-5362 | Hig | 8.2 | | < 5.0.4~a0~dev6-6.1 | 5.0.4~a0~dev6-6.1 | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. |
| CVE-2016-2140 | Med | 5.3 | | < 5.0.4~a0~dev6-6.1 | 5.0.4~a0~dev6-6.1 | Apr 12, 2016 | The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. |