Filtered by vendor Openstack
Subscribe
Total
258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7548 | 1 Openstack | 1 Nova | 2025-04-12 | 2.1 LOW | 3.5 LOW |
| OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. | |||||
| CVE-2014-0105 | 1 Openstack | 1 Python-keystoneclient | 2025-04-12 | 6.0 MEDIUM | N/A |
| The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached." | |||||
| CVE-2014-6414 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||||
| CVE-2014-5253 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2025-04-12 | 4.9 MEDIUM | N/A |
| OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | |||||
| CVE-2014-3520 | 1 Openstack | 1 Keystone | 2025-04-12 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | |||||
| CVE-2015-3988 | 2 Openstack, Oracle | 2 Horizon, Solaris | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | |||||
| CVE-2014-7960 | 1 Openstack | 1 Swift | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. | |||||
| CVE-2015-5303 | 1 Openstack | 1 Tripleo Heat Templates | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. | |||||
| CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2025-04-11 | 4.3 MEDIUM | N/A |
| The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4278 | 1 Openstack | 1 Compute | 2025-04-11 | 3.5 LOW | N/A |
| The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256. | |||||
| CVE-2013-7130 | 1 Openstack | 4 Compute, Grizzly, Havana and 1 more | 2025-04-11 | 7.1 HIGH | N/A |
| The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage. | |||||
| CVE-2013-0335 | 2 Canonical, Openstack | 4 Ubuntu Linux, Essex, Folsom and 1 more | 2025-04-11 | 6.0 MEDIUM | N/A |
| OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | |||||
| CVE-2012-4413 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | |||||
| CVE-2012-3540 | 1 Openstack | 1 Horizon | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. | |||||
| CVE-2012-2101 | 1 Openstack | 1 Nova | 2025-04-11 | 3.5 LOW | N/A |
| Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. | |||||
| CVE-2012-5563 | 1 Openstack | 1 Folsom | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression. | |||||
| CVE-2013-6391 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2025-04-11 | 5.8 MEDIUM | N/A |
| The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | |||||
| CVE-2012-4406 | 3 Fedoraproject, Openstack, Redhat | 7 Fedora, Swift, Enterprise Linux Server and 4 more | 2025-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | |||||
| CVE-2013-4469 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2025-04-11 | 1.9 LOW | N/A |
| OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | |||||
| CVE-2013-0270 | 1 Openstack | 1 Keystone | 2025-04-11 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | |||||