openstack

295 tracked vulnerabilities.

CVE-2013-6428
OpenStack Heat < 2013.2 - Authenticated Tenant Restriction Bypass via Modified tenant_id
Dec 14, 2013
EPSS 0.02
CVE-2013-6426
OpenStack Heat < 2013.2 - Unauthenticated Stack Creation and Update via CloudFormation API
Dec 14, 2013
EPSS 0.01
CVE-2013-6391
OpenStack Keystone < 2013.2.1 - Privilege Escalation via EC2 Tokens API
Dec 14, 2013
EPSS 0.02
CVE-2013-6384
OpenStack Ceilometer >=2013.1 <2013.2 - Sensitive Information Exposure in Log Files
Nov 23, 2013
EPSS 0.00
CVE-2013-6858
OpenStack Horizon < 2013.2 - Cross-Site Scripting via Instance Name
Nov 23, 2013
EPSS 0.02
CVE-2013-4354
OpenStack Glance - Unauthenticated Image Injection via Tenant Manipulation
Nov 23, 2013
EPSS 0.00
CVE-2013-4497
OpenStack Compute (Nova) Folsom, Grizzly, Havana < 2013.2 - Security Group Bypass during Image Resize or Live Migration
Nov 05, 2013
EPSS 0.02
CVE-2013-4477
OpenStack Keystone Grizzly and Havana - Unauthenticated Privilege Escalation via LDAP Role Removal
Nov 02, 2013
EPSS 0.00
CVE-2013-4469
OpenStack Compute (Nova) Folsom, Grizzly, Havana - Denial of Service via QCOW2 Image Virtual Size
Nov 02, 2013
EPSS 0.00
CVE-2013-4261
OpenStack Compute (Nova) Folsom and Grizzly - Denial of Service via Apache Qpid RPC Backend Error Handling
Oct 29, 2013
EPSS 0.02
CVE-2013-4185
OpenStack Compute < 2013.1.3 - Authenticated Denial of Service via Network Security Group Policy Updates
Oct 29, 2013
EPSS 0.02
CVE-2013-4428
OpenStack Glance < 2013.1.4 / < 2013.2 - Authenticated Unrestricted Image Access
Oct 27, 2013
EPSS 0.03
CVE-2013-2013
python-keystoneclient < 0.2.4 - Exposure of Sensitive Information via Command Line Argument
Oct 01, 2013
EPSS 0.00
CVE-2013-4222
OpenStack Keystone < 2013.1.3 - Insufficiently Protected Credentials
Sep 30, 2013
EPSS 0.02
CVE-2013-4294
OpenStack Keystone 2012.2.x and < 2013.1.4 - Unauthenticated Access Restriction Bypass via Revoked PKI Token
Sep 23, 2013
EPSS 0.02
CVE-2013-4278
OpenStack Compute Folsom, Grizzly, Havana - Authenticated Arbitrary Flavor Boot via Flavor ID Guessing
Sep 16, 2013
EPSS 0.01
CVE-2013-4183
OpenStack Cinder 2013.1.1-2013.1.2 - Exposure of Sensitive Information via LVMVolumeDriver Snapshot Deletion
Sep 16, 2013
EPSS 0.00
CVE-2013-4202
OpenStack Cinder < 2013.1.3 - Denial of Service via XML Entity Expansion
Sep 16, 2013
EPSS 0.03
CVE-2013-4179
OpenStack Compute (Nova) < 2013.2 - Denial of Service via XML Entity Expansion
Sep 16, 2013
EPSS 0.03
CVE-2013-2256
OpenStack Nova < 2013.1.3 - Authenticated Information Disclosure via Flavor ID Guessing
Sep 16, 2013
EPSS 0.02
CVE-2013-4111
python-glanceclient < 0.10.0 - SSL Certificate Validation Bypass via Improper preverify_ok Handling
Aug 28, 2013
EPSS 0.01
CVE-2013-4155
OpenStack Swift < 1.9.1 - Authenticated Denial of Service via DELETE Request Timestamp Manipulation
Aug 20, 2013
EPSS 0.02
CVE-2013-2161
OpenStack Swift Folsom, Grizzly, Havana - XML Injection via Account Name
Aug 20, 2013
EPSS 0.02
CVE-2013-2157
OpenStack Keystone >=2012.2 <2012.2.4 - Unauthenticated Authentication Bypass via Empty LDAP Password
Aug 20, 2013
EPSS 0.03
CVE-2013-2096
OpenStack Compute (Nova) Folsom, Grizzly, and Havana - Denial of Service via QCOW2 Image Virtual Size
Jul 09, 2013
EPSS 0.00