rpm package
suse/openstack-glance&distro=SUSE OpenStack Cloud 6
pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%206
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4428 | Med | 5.4 | < 11.0.2~a0~dev13-7.1 | 11.0.2~a0~dev13-7.1 | Jul 12, 2016 | Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |
| CVE-2016-5363 | Hig | 8.2 | < 11.0.2~a0~dev13-7.1 | 11.0.2~a0~dev13-7.1 | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) | |
| CVE-2016-5362 | Hig | 8.2 | < 11.0.2~a0~dev13-7.1 | 11.0.2~a0~dev13-7.1 | Jun 17, 2016 | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | |
| CVE-2016-2140 | Med | 5.3 | < 11.0.2~a0~dev13-7.1 | 11.0.2~a0~dev13-7.1 | Apr 12, 2016 | The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. |
- affected < 11.0.2~a0~dev13-7.1fixed 11.0.2~a0~dev13-7.1
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
- affected < 11.0.2~a0~dev13-7.1fixed 11.0.2~a0~dev13-7.1
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2)
- affected < 11.0.2~a0~dev13-7.1fixed 11.0.2~a0~dev13-7.1
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
- affected < 11.0.2~a0~dev13-7.1fixed 11.0.2~a0~dev13-7.1
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.