CVE & Exploit Intelligence Database

CVE-2026-28370 9.1 CRITICAL 1 PoC 1 Writeup Analysis EPSS 0.00

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

CWE-95 Feb 27, 2026

CVE-2024-28718 9.8 CRITICAL EPSS 0.01

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

CWE-367 Apr 12, 2024

CVE-2021-38598 9.1 CRITICAL EPSS 0.00

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

CWE-290 Aug 23, 2021

CVE-2020-26943 9.9 CRITICAL EPSS 0.02

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

Oct 16, 2020

CVE-2013-2167 9.8 CRITICAL EPSS 0.01

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CWE-345 Dec 10, 2019

CVE-2013-2166 9.8 CRITICAL EPSS 0.00

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CWE-326 Dec 10, 2019

CVE-2019-15753 9.1 CRITICAL EPSS 0.01

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

CWE-770 Aug 28, 2019

CVE-2016-7404 9.8 CRITICAL EPSS 0.03

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

CWE-200 Jun 21, 2019

CVE-2017-18017 9.8 CRITICAL EPSS 0.38

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CWE-416 Jan 03, 2018

CVE-2017-16613 9.8 CRITICAL 1 Writeup EPSS 0.02

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

CWE-287 Nov 21, 2017

CVE-2017-7214 9.8 CRITICAL EPSS 0.01

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

CWE-532 Mar 21, 2017

CVE-2016-4972 9.8 CRITICAL EPSS 0.04

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

CWE-20 Sep 26, 2016

CVE-2015-8914 9.1 CRITICAL EPSS 0.07

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

CWE-254 Jun 17, 2016

CVE-2012-4406 9.8 CRITICAL EPSS 0.05

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

CWE-502 Oct 22, 2012