Filtered by vendor Openstack
Subscribe
Total
259 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5362 | 1 Openstack | 1 Neutron | 2025-04-12 | 6.4 MEDIUM | 8.2 HIGH |
| The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | |||||
| CVE-2014-3476 | 2 Openstack, Suse | 2 Keystone, Cloud | 2025-04-12 | 6.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. | |||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | |||||
| CVE-2014-5253 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2025-04-12 | 4.9 MEDIUM | N/A |
| OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. | |||||
| CVE-2016-0738 | 1 Openstack | 1 Swift | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
| CVE-2015-3988 | 2 Openstack, Oracle | 2 Horizon, Solaris | 2025-04-12 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | |||||
| CVE-2015-1195 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | 6.5 MEDIUM | N/A |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. | |||||
| CVE-2014-3475 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578. | |||||
| CVE-2014-3473 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template. | |||||
| CVE-2014-3555 | 1 Openstack | 1 Neutron | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. | |||||
| CVE-2015-3280 | 1 Openstack | 1 Nova | 2025-04-12 | 6.8 MEDIUM | N/A |
| OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | |||||
| CVE-2015-5162 | 1 Openstack | 3 Cinder, Glance, Nova | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
| The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | |||||
| CVE-2014-0204 | 1 Openstack | 1 Keystone | 2025-04-12 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | |||||
| CVE-2014-3708 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. | |||||
| CVE-2014-3497 | 1 Openstack | 1 Swift | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. | |||||
| CVE-2016-7498 | 1 Openstack | 1 Compute \(nova\) | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression. | |||||
| CVE-2015-5163 | 1 Openstack | 1 Glance | 2025-04-12 | 3.5 LOW | N/A |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | |||||
| CVE-2015-8914 | 1 Openstack | 1 Neutron | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | |||||
| CVE-2014-3641 | 1 Openstack | 1 Cinder | 2025-04-12 | 4.0 MEDIUM | N/A |
| The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header. | |||||
| CVE-2014-3474 | 2 Openstack, Opensuse | 2 Horizon, Opensuse | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name. | |||||