Filtered by vendor Openstack
Subscribe
Total
255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0282 | 1 Openstack | 1 Keystone | 2018-11-16 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | |||||
| CVE-2013-0270 | 1 Openstack | 1 Keystone | 2018-11-16 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | |||||
| CVE-2012-4457 | 1 Openstack | 1 Keystone | 2018-11-16 | 4.0 MEDIUM | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | |||||
| CVE-2011-4596 | 1 Openstack | 1 Nova | 2018-11-16 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest. | |||||
| CVE-2013-4428 | 2 Canonical, Openstack | 2 Ubuntu Linux, Glance | 2018-11-15 | 3.5 LOW | N/A |
| OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. | |||||
| CVE-2013-4185 | 2 Openstack, Redhat | 2 Compute, Openstack | 2018-11-15 | 4.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | |||||
| CVE-2013-0247 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2018-11-15 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. | |||||
| CVE-2012-1585 | 1 Openstack | 1 Nova | 2018-11-14 | 4.0 MEDIUM | N/A |
| OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. | |||||
| CVE-2014-0187 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Neutron, Opensuse | 2018-10-30 | 9.0 HIGH | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | |||||
| CVE-2013-2161 | 2 Openstack, Opensuse | 4 Folsom, Grizzly, Havana and 1 more | 2018-10-30 | 7.5 HIGH | N/A |
| XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | |||||
| CVE-2014-4167 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-22 | 3.5 LOW | N/A |
| The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | |||||
| CVE-2014-6414 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-19 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||||
| CVE-2016-5362 | 1 Openstack | 1 Neutron | 2018-10-19 | 6.4 MEDIUM | 8.2 HIGH |
| The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | |||||
| CVE-2015-8914 | 1 Openstack | 1 Neutron | 2018-10-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | |||||
| CVE-2013-6433 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-19 | 7.6 HIGH | N/A |
| The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | |||||
| CVE-2017-7400 | 1 Openstack | 1 Horizon | 2018-01-05 | 3.5 LOW | 4.8 MEDIUM |
| OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |||||
| CVE-2017-7214 | 1 Openstack | 1 Nova | 2018-01-05 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. | |||||
| CVE-2016-9185 | 1 Openstack | 1 Heat | 2018-01-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. | |||||
| CVE-2015-5223 | 1 Openstack | 1 Swift | 2018-01-05 | 5.0 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | |||||
| CVE-2015-1856 | 2 Canonical, Openstack | 2 Ubuntu Linux, Swift | 2018-01-05 | 5.5 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | |||||