Filtered by vendor Openstack
Subscribe
Total
253 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5162 | 1 Openstack | 3 Cinder, Glance, Nova | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | |||||
CVE-2015-3280 | 1 Openstack | 1 Nova | 2023-12-10 | 6.8 MEDIUM | N/A |
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | |||||
CVE-2016-2140 | 1 Openstack | 1 Nova | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | |||||
CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |||||
CVE-2014-8153 | 2 Litech, Openstack | 2 Router Advertisement Daemon, Neutron | 2023-12-10 | 4.0 MEDIUM | N/A |
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. | |||||
CVE-2014-0056 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2023-12-10 | 2.1 LOW | N/A |
The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command. | |||||
CVE-2014-3632 | 1 Openstack | 1 Neutron | 2023-12-10 | 7.6 HIGH | N/A |
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. | |||||
CVE-2014-3708 | 2 Openstack, Redhat | 2 Nova, Openstack | 2023-12-10 | 4.0 MEDIUM | N/A |
OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | |||||
CVE-2014-0204 | 1 Openstack | 1 Keystone | 2023-12-10 | 6.5 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | |||||
CVE-2014-0187 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Neutron, Opensuse | 2023-12-10 | 9.0 HIGH | N/A |
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | |||||
CVE-2014-3475 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | |||||
CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2023-12-10 | 4.0 MEDIUM | N/A |
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | |||||
CVE-2014-0006 | 1 Openstack | 1 Swift | 2023-12-10 | 4.3 MEDIUM | N/A |
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. | |||||
CVE-2015-1856 | 2 Canonical, Openstack | 2 Ubuntu Linux, Swift | 2023-12-10 | 5.5 MEDIUM | N/A |
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | |||||
CVE-2014-2573 | 1 Openstack | 1 Compute | 2023-12-10 | 2.3 LOW | N/A |
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. | |||||
CVE-2014-3520 | 1 Openstack | 1 Keystone | 2023-12-10 | 6.5 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | |||||
CVE-2014-3473 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | |||||
CVE-2014-0167 | 1 Openstack | 2 Compute, Icehouse | 2023-12-10 | 6.0 MEDIUM | N/A |
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. | |||||
CVE-2014-7821 | 3 Fedoraproject, Openstack, Redhat | 3 Fedora, Neutron, Openstack | 2023-12-10 | 4.0 MEDIUM | N/A |
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | |||||
CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. |