Bug #1403102: Glance allows users to download and delete any file in glance-api server | CVE-2014-9493 | Mirantis OpenStack | Fix released, assigned to Alexander Tivelkov |
Bug #1414685: [Glance] Glance user storage quota bypass #1 | CVE-2014-9623 | Mirantis OpenStack | Invalid by Mike Fedosin |
Bug #1420273: Nova console Cross-Site WebSocket hijacking | CVE-2015-0259 | Mirantis OpenStack | Fix released, assigned to Roman Podoliaka |
Bug #1425171: Upgrade OpenSSL packages | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 | Mirantis OpenStack | Opinion, assigned to MOS Linux |
Bug #1442041: Unauthorized delete of versioned Swift object | CVE-2015-1856 | Mirantis OpenStack | Fix released, assigned to Alexey Khivin |
Bug #1442579: [pre-OSSA] Vulnerability in OpenStack keystonemiddleware (CVE-2015-1852) | CVE-2015-1852 | Mirantis OpenStack | Fix released, assigned to Alexander Makarov |
Bug #1459628: Another Horizon login page vulnerability to a DoS attack | CVE-2015-5143 | Mirantis OpenStack | Fix released, assigned to Aleksander Mogylchenko |
Bug #1465333: Format-guessing and file disclosure in image convert (CVE-2015-1850) | CVE-2015-1850, CVE-2015-1851 | Mirantis OpenStack | Fix released, assigned to Timur Nurlygayanov |
Bug #1466077: Resize/delete combo allows to overload nova-compute (CVE-2015-3241) | CVE-2015-3241 | Mirantis OpenStack | Fix released, assigned to MOS Nova |
Bug #1466490: Neutron L2 agent DoS through incorrect allowed address pairs (CVE-2015-3221) | CVE-2015-3221 | Mirantis OpenStack | Fix released, assigned to Alexander Ignatov |
Bug #1468744: [OSSA 2015-009] Sanitation of metadata label (CVE-2015-3988) | CVE-2015-3988 | Mirantis OpenStack | Fix released, assigned to Vlad Okhrimenko |
Bug #1469149: [CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs | CVE-2015-3646 | Mirantis OpenStack | Fix released, assigned to Alexander Makarov |
Bug #1469158: Image chunks remains in store if upload is interrupted | CVE-2014-9684, CVE-2015-1881 | Mirantis OpenStack | Fix released, assigned to Mike Fedosin |
Bug #1481494: Session timed out notice in horizon after idle period | CVE-2014-8124 | Mirantis OpenStack | Invalid by MOS Maintenance |
Bug #1487450: Information leak via Swift tempurls (CVE-2015-5223) | CVE-2015-5223 | Mirantis OpenStack | Fix released, assigned to Alexey Khivin |
Bug #1489775: Nova may fail to delete images in resize state | CVE-2015-3280 | Mirantis OpenStack | Fix released, assigned to Sergey Nikitin |
Bug #1496798: User can change image status directly with v1 API | CVE-2015-5251 | Mirantis OpenStack | Fix released, assigned to Mike Fedosin |
Bug #1497984: [Glance] Glance user storage quota bypass #2 | CVE-2015-5286 | Mirantis OpenStack | Fix released, assigned to Mike Fedosin |
Bug #1514467: [OSSA-2015-002] Glance still allows users to download and delete any file in glance-api server (CVE-2015-1195) | CVE-2014-9493, CVE-2015-1195 | Mirantis OpenStack | Invalid (unassigned) |
Bug #1514759: Security vulnerability: update kernel packages on Ubuntu slaves (USN-2800-1 and related) | CVE-2015-5307 | Mirantis OpenStack | Invalid by MOS Linux |
Bug #1520185: RGW returns requested bucket name raw in "Bucket" response header | CVE-2015-5245 | Mirantis OpenStack | Won't fix, assigned to Denis Meltsaykin |
Bug #1526823: PKI Token Revocation Bypass (CVE-2015-7546) | CVE-2015-7546 | Mirantis OpenStack | Invalid by MOS Keystone |
Bug #1528826: Use of MD5 in OpenStack Glance image signature (CVE-2015-8234) | CVE-2015-8234 | Mirantis OpenStack | Fix released, assigned to MOS Glance |
Bug #1530927: [OSSA 2016-001] Nova host data leak through snapshot | CVE-2015-7548 | Mirantis OpenStack | Fix released, assigned to MOS Nova |
Bug #1533285: [OSSA 2015-021] secgroup rules doesn't work for instance immediately (CVE-2015-7713) | CVE-2015-7713 | Mirantis OpenStack | Invalid by MOS Nova |
Bug #1533729: Heat denial of service through template-validate | CVE-2015-5295 | Mirantis OpenStack | Fix released, assigned to Sergey Kraynev |
Bug #1534262: Outdated (vulnerable) libvirt package in MOS 6.0 | CVE-2011-4600, CVE-2014-8136, CVE-2015-0236, CVE-2015-5247, CVE-2015-5313 | Mirantis OpenStack | Fix released, assigned to Denis Meltsaykin |
Bug #1539520: [pre-OSSA] Vulnerability in OpenStack Glance (CVE-2016-0757) / Glance image status manipulation through locations removal (OSSA-2016-006) | CVE-2016-0757 | Mirantis OpenStack | Fix released, assigned to Kairat Kushaev |
Bug #1542145: [OSSA-2016-004] Swift proxy-server DoS through Large Object (CVE-2016-0737, CVE-2016-0738) | CVE-2016-0737, CVE-2016-0738 | Mirantis OpenStack | Fix released, assigned to Alexey Stupnikov |
Bug #1542152: [OSSA-2016-005] Potential reuse of revoked Identity tokens (CVE-2015-7546) | CVE-2015-7546 | Mirantis OpenStack | Invalid by MOS Keystone |
Bug #1547229: CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo | CVE-2015-7547 | Mirantis OpenStack | Fix released, assigned to MOS Maintenance |
Bug #1552683: Vulnerability in Nova instance resize/migration | CVE-2016-2140 | Mirantis OpenStack | Invalid by Sergii Rizvan |
Bug #1563753: CVE-2016-2074: MPLS buffer overflow vulnerabilities in Open vSwitch | CVE-2016-2074 | Mirantis OpenStack | Fix released, assigned to Albert Syriy |
Bug #1572594: [OSSA 2016-002] xenapi: volume_utils._parse_volume_info can leak connection password via StorageError (CVE-2015-8749) | CVE-2015-8749 | Mirantis OpenStack | Fix released, assigned to Alexey Stupnikov |
Bug #1578370: Multiple MySQL 5.5 and 5.6 vulnerabilities | CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668, CVE-2016-2047 | Mirantis OpenStack | Fix released, assigned to MOS Linux |
Bug #1584662: [CVE-2016-3710] Multiple Qemu security vulnerabilities | CVE-2016-3710, CVE-2016-5403 | Mirantis OpenStack | Fix released, assigned to Albert Syriy |
Bug #1590372: Backport the fix for Horizon CVE-2016-4428 vulnerability (OSSA-2016-010) | CVE-2016-4428 | Mirantis OpenStack | Fix released, assigned to Timur Sufiev |
Bug #1593002: [murano] YaqlYamlLoader inherits from YamlLoader | CVE-2016-4972 | Mirantis OpenStack | Fix released, assigned to Kirill Zaitsev |
Bug #1593209: Ironic Node information including credentials exposed to unauthenticated users | CVE-2016-4985 | Mirantis OpenStack | Invalid by Pavlo Shchelokovskyy |
Bug #1597254: qemu-img calls need to be restricted by ulimit (CVE-2015-5162) | CVE-2015-5162 | Mirantis OpenStack | Fix released, assigned to Fuel Sustaining |
Bug #1615063: QEMU regression (USN-3047-2) | CVE-2016-5403 | Mirantis OpenStack | Fix released, assigned to Ivan Suzdal |
Bug #1636528: CVE-2016-5195 linux kernel local privilege escalation (Dirty COW) | CVE-2016-5195 | Mirantis OpenStack | Fix released, assigned to MOS Linux |
Bug #1679820: Django security issues, new releases 1.10.7, 1.9.13, 1.8.18 | CVE-2017-7233, CVE-2017-7234 | Mirantis OpenStack | Won't fix, assigned to MOS Maintenance |
Bug #1680766: Incorrect role assignment with federated Keystone (CVE-2017-2673) (OSSA-2017-004) | CVE-2017-2673 | Mirantis OpenStack | Won't fix, assigned to MOS Keystone |
Bug #1748200: Qemu CVE-2017-5715 aka Spectre update | CVE-2017-5715 | Mirantis OpenStack | Fix released, assigned to Valeriy Saharov |
Bug #1800780: Provide updated MongoDB package | CVE-2016-6494 | Mirantis OpenStack | Fix released, assigned to Denis Meltsaykin |