openstack
276 tracked vulnerabilities.
CVE-2020-26943
CRITICAL
OpenStack blazar-dashboard < 1.3.1 - Remote Code Execution via Python eval Function
Oct 16, 2020
CVSS 9.9
EPSS 0.02
CVE-2020-17376
HIGH
OpenStack Nova <19.3.1,20.x<20.3.1,21.0.0 - Privilege Escalation
Aug 26, 2020
CVSS 8.3
EPSS 0.00
CVE-2020-12692
MEDIUM
OpenStack Keystone <15.0.1-16.0.0 - Info Disclosure
May 07, 2020
CVSS 5.4
EPSS 0.00
CVE-2020-12691
HIGH
OpenStack Keystone <16.0.0 - Privilege Escalation
May 07, 2020
CVSS 8.8
EPSS 0.04
CVE-2020-12690
HIGH
OpenStack Keystone <16.0.0 - Privilege Escalation
May 07, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-12689
HIGH
OpenStack Keystone <16.0.0 - Privilege Escalation
May 07, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-9543
HIGH
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 - Unauthorized Resource Access via UUID Lookup
Mar 12, 2020
CVSS 8.3
EPSS 0.00
CVE-2019-19687
HIGH
OpenStack Keystone 15.0.0-16.0.0 - Info Disclosure
Dec 09, 2019
CVSS 8.8
EPSS 0.01
CVE-2019-15753
CRITICAL
OpenStack os-vif 1.15.0-1.15.1 and 1.16.0 - Unauthenticated Ethernet Flooding via Hardcoded MAC Aging Time
Aug 28, 2019
CVSS 9.1
EPSS 0.01
CVE-2019-14433
MEDIUM
OpenStack Nova <17.0.12-19.0.2 - Info Disclosure
Aug 09, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-10141
HIGH
openstack-ironic-inspector <8.2.1 - SQL Injection
Jul 30, 2019
CVSS 8.3
EPSS 0.01
CVE-2019-3895
HIGH
OpenStack Octavia < 0.9.0 - Unauthenticated Arbitrary Image Execution via Amphorae Spawning
Jun 03, 2019
CVSS 8.0
EPSS 0.01
CVE-2019-10876
MEDIUM
OpenStack Neutron <11.0.7-13.0.3 - DoS
Apr 05, 2019
CVSS 6.5
EPSS 0.01
CVE-2019-3830
HIGH
OpenStack Ceilometer < 12.0.0.0rc1 - Sensitive Information Exposure in Log Files
Mar 26, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-9735
MEDIUM
OpenStack Neutron <13.0.3 - Privilege Escalation
Mar 13, 2019
CVSS 6.5
EPSS 0.02
CVE-2018-16856
MEDIUM
Red Hat OpenStack Platform Director - Info Disclosure
Mar 26, 2019
CVSS 5.5
EPSS 0.00
CVE-2018-20170
MEDIUM
OpenStack Keystone <14.0.1 - Info Disclosure
Dec 17, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-14636
MEDIUM
OpenStack Neutron < 11.0.4, 12.0.3, 13.0.0.0b2 - Unauthorized Traffic Inspection via Open vSwitch Integration Bridge
Sep 10, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-14635
MEDIUM
OpenStack Neutron <13.0.0.0b2, <12.0.3, <11.0.5 - DoS
Sep 10, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-14432
MEDIUM
OpenStack Keystone <13.0.0 - Auth Bypass
Jul 31, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-10898
HIGH
openstack-tripleo-heat-templates < 8.0.2-40 - Use of Hard-coded Credentials
Jul 30, 2018
CVSS 8.8
EPSS 0.00
CVE-2017-8761
MEDIUM
OpenStack Swift < 2.10.1, 2.11.0-2.13.0, 2.14.0 - Exposure of Sensitive Information via TempURL Path Logging
Jun 02, 2021
CVSS 4.3
EPSS 0.00
CVE-2017-15139
HIGH
OpenStack Cinder <= Queens - Exposure of Sensitive Information via ScaleIO Thin Volume Zero Padding
Aug 27, 2018
CVSS 7.5
EPSS 0.00
CVE-2017-2627
HIGH
OpenStack TripleO Common - Path Traversal and Privilege Escalation via Sudoers Wildcard Misconfiguration
Aug 22, 2018
CVSS 8.2
EPSS 0.00
CVE-2017-2621
MEDIUM
OpenStack Orchestration <8.0.0, 6.1.0, 7.0.2 - Info Disclosure
Jul 27, 2018
CVSS 5.5
EPSS 0.00
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_(glance) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2