Filtered by vendor Openstack
Subscriptions
Total
262 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5303 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack-director | 2025-04-12 | N/A |
| The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. | ||||
| CVE-2015-3280 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | ||||
| CVE-2015-8466 | 2 Fedoraproject, Openstack | 2 Fedora, Swift3 | 2025-04-12 | N/A |
| Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | ||||
| CVE-2014-3632 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2025-04-12 | N/A |
| The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression. | ||||
| CVE-2013-4471 | 1 Openstack | 1 Horizon | 2025-04-12 | N/A |
| The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. | ||||
| CVE-2015-5251 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | ||||
| CVE-2015-3289 | 1 Openstack | 1 Glance | 2025-04-12 | N/A |
| OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. | ||||
| CVE-2014-8124 | 5 Fedoraproject, Openstack, Opensuse and 2 more | 5 Fedora, Horizon, Opensuse and 2 more | 2025-04-12 | N/A |
| OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. | ||||
| CVE-2014-6414 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | ||||
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | ||||
| CVE-2016-9185 | 2 Openstack, Redhat | 2 Heat, Openstack | 2025-04-12 | N/A |
| In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0. | ||||
| CVE-2015-3221 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. | ||||
| CVE-2015-5163 | 2 Openstack, Redhat | 2 Glance, Openstack | 2025-04-12 | N/A |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | ||||
| CVE-2014-0204 | 1 Openstack | 1 Keystone | 2025-04-12 | N/A |
| OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | ||||
| CVE-2014-3475 | 3 Openstack, Opensuse, Redhat | 3 Horizon, Opensuse, Openstack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | ||||
| CVE-2014-3474 | 3 Openstack, Opensuse, Redhat | 3 Horizon, Opensuse, Openstack | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | ||||
| CVE-2014-3517 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests. | ||||
| CVE-2014-3520 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | ||||
| CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | ||||
| CVE-2015-1195 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | N/A |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. | ||||