Filtered by vendor Openstack
Subscribe
Total
256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8611 | 1 Openstack | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation. | |||||
CVE-2016-7498 | 1 Openstack | 1 Compute \(nova\) | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression. | |||||
CVE-2016-7404 | 1 Openstack | 1 Magnum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. | |||||
CVE-2016-6519 | 2 Openstack, Redhat | 2 Manila, Openstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | |||||
CVE-2016-5737 | 1 Openstack | 1 Puppet-gerrit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | |||||
CVE-2016-5363 | 1 Openstack | 1 Neutron | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | |||||
CVE-2016-5362 | 1 Openstack | 1 Neutron | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | |||||
CVE-2016-4972 | 1 Openstack | 4 Mitaka-murano, Murano, Murano-dashboard and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. | |||||
CVE-2016-4428 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Horizon, Enterprise Linux and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | |||||
CVE-2016-2140 | 1 Openstack | 1 Nova | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk. | |||||
CVE-2016-0757 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image. | |||||
CVE-2016-0738 | 1 Openstack | 1 Swift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
CVE-2016-0737 | 1 Openstack | 1 Swift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. | |||||
CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 2.1 LOW | 3.3 LOW |
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | |||||
CVE-2015-8914 | 1 Openstack | 1 Neutron | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | |||||
CVE-2015-8749 | 1 Openstack | 1 Nova | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors. | |||||
CVE-2015-8466 | 2 Fedoraproject, Openstack | 2 Fedora, Swift3 | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | |||||
CVE-2015-8234 | 1 Openstack | 1 Glance | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | |||||
CVE-2015-7713 | 1 Openstack | 1 Nova | 2024-11-21 | 5.0 MEDIUM | N/A |
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | |||||
CVE-2015-7548 | 1 Openstack | 1 Nova | 2024-11-21 | 2.1 LOW | 3.5 LOW |
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot. |