Filtered by vendor Openstack
Subscribe
Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2024-11-21 | 6.0 MEDIUM | 7.1 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2016-9590 | 2 Openstack, Redhat | 2 Puppet-swift, Openstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. | |||||
| CVE-2016-8611 | 1 Openstack | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | |||||
| CVE-2016-7404 | 1 Openstack | 1 Magnum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. | |||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | |||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Designate does not enforce the DNS protocol limit concerning record set sizes | |||||
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | |||||
| CVE-2013-2167 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Python-keystoneclient, Openstack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | |||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | |||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| OpenStack nova base images permissions are world readable | |||||
| CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | |||||
| CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | |||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||||
| CVE-2011-4076 | 1 Openstack | 1 Nova | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. | |||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | |||||
| CVE-2024-7319 | 2 Openstack, Redhat | 2 Heat, Openstack Platform | 2024-10-07 | N/A | 5.0 MEDIUM |
| An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. | |||||