openstack
276 tracked vulnerabilities.
CVE-2013-2256
OpenStack Nova < 2013.1.3 - Authenticated Information Disclosure via Flavor ID Guessing
Sep 16, 2013
EPSS 0.00
CVE-2013-4111
python-glanceclient < 0.10.0 - SSL Certificate Validation Bypass via Improper preverify_ok Handling
Aug 28, 2013
EPSS 0.00
CVE-2013-4155
OpenStack Swift < 1.9.1 - Authenticated Denial of Service via DELETE Request Timestamp Manipulation
Aug 20, 2013
EPSS 0.01
CVE-2013-2161
OpenStack Swift Folsom, Grizzly, Havana - XML Injection via Account Name
Aug 20, 2013
EPSS 0.00
CVE-2013-2157
OpenStack Keystone >=2012.2 <2012.2.4 - Unauthenticated Authentication Bypass via Empty LDAP Password
Aug 20, 2013
EPSS 0.00
CVE-2013-2096
OpenStack Compute (Nova) Folsom, Grizzly, and Havana - Denial of Service via QCOW2 Image Virtual Size
Jul 09, 2013
EPSS 0.00
CVE-2013-2059
OpenStack Keystone Folsom <= 2012.2.4, Grizzly < 2013.1.1, Havana - Improper Authentication Token Revocation via v2 API
May 21, 2013
EPSS 0.01
CVE-2013-2006
OpenStack Keystone 2013.1.1 - Sensitive Information Exposure via DEBUG Mode Logging
May 21, 2013
EPSS 0.00
CVE-2013-1977
OpenStack Devstack - Information Disclosure via World-Readable Keystone Configuration
May 21, 2013
EPSS 0.00
CVE-2013-0282
OpenStack Keystone < 2012.1.3, 2012.1.x-2012.2.x, < 2013.1 - Improper Authentication via EC2-Style Authentication
Apr 12, 2013
EPSS 0.00
CVE-2013-0270
MEDIUM
OpenStack Keystone < 2012.1.3 and < 8.0.0a0 - Denial of Service via Long Tenant Name
Apr 12, 2013
CVSS 6.5
EPSS 0.03
CVE-2013-1665
OpenStack Folsom and Keystone Essex - XML External Entity Injection
Apr 03, 2013
EPSS 0.03
CVE-2013-1664
OpenStack Keystone Essex/Folsom/Grizzly, Nova Essex/Folsom, Cinder Folsom DoS via XML Entity Expansion
Apr 03, 2013
EPSS 0.04
CVE-2013-1865
OpenStack Keystone Folsom 2012.2 - Improper Authentication via Revoked PKI Token Bypass
Mar 22, 2013
EPSS 0.01
CVE-2013-1840
OpenStack Glance Essex/Folsom/Grizzly - Sensitive Information Exposure via v1 API
Mar 22, 2013
EPSS 0.00
CVE-2013-1838
OpenStack Nova Essex/Folsom/Grizzly - Authenticated DoS via IP Quota Exhaustion
Mar 22, 2013
EPSS 0.01
CVE-2013-0335
OpenStack Compute (Nova) Essex, Folsom, and Grizzly - Authenticated VM Access via VNC Token Reuse
Mar 22, 2013
EPSS 0.01
CVE-2013-0266
MEDIUM
OpenStack Essex - Information Disclosure via World-Readable Configuration Files
Mar 08, 2013
CVSS 5.5
EPSS 0.00
CVE-2013-0261
HIGH
OpenStack Essex - Arbitrary File Write via Symlink Attack on Predictable Temporary File
Mar 08, 2013
CVSS 8.8
EPSS 0.00
CVE-2013-0212
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
Feb 24, 2013
EPSS 0.01
CVE-2013-0247
OpenStack Keystone Essex/Folsom/Grizzly DoS via Invalid Token Request Logging
Feb 24, 2013
EPSS 0.03
CVE-2013-0208
OpenStack Compute (Nova) Folsom and Essex - Authenticated Volume Access Bypass via block_device_mapping Parameter
Feb 13, 2013
EPSS 0.01
CVE-2012-5476
MEDIUM
RHOS Essex Preview - Info Disclosure
Dec 30, 2019
CVSS 5.5
EPSS 0.00
CVE-2012-5474
MEDIUM
Red Hat OpenStack Platform <2.0 - Info Disclosure
Dec 30, 2019
CVSS 5.5
EPSS 0.00
CVE-2012-1572
HIGH
OpenStack Keystone - Denial of Service via Excessive Password Length
Nov 12, 2019
CVSS 7.5
EPSS 0.00
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_(glance) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2