openstack
276 tracked vulnerabilities.
CVE-2017-7543
MEDIUM
OpenStack Neutron < 7.2.0-12.1 - Race Condition Disabling Security Groups
Jul 26, 2018
CVSS 5.3
EPSS 0.00
CVE-2017-2592
MEDIUM
oslo.middleware < 3.8.1, 3.19.1, 3.23.1 - Sensitive Information Disclosure in Error Logs
May 08, 2018
CVSS 5.9
EPSS 0.00
CVE-2017-18191
HIGH
OpenStack Nova 15.0.0-15.1.0 and 16.0.0-16.1.1 - Denial of Service via Encrypted Volume Detach/Reattach
Feb 19, 2018
CVSS 7.5
EPSS 0.02
CVE-2017-18017
CRITICAL
Linux Kernel < 4.11 and 4.9.x < 4.9.36 - Use-After-Free in tcpmss_mangle_packet
Jan 03, 2018
CVSS 9.8
EPSS 0.34
CVE-2017-12155
MEDIUM
openstack-tripleo-heat-templates - Info Disclosure
Dec 12, 2017
CVSS 6.3
EPSS 0.00
CVE-2017-17051
HIGH
OpenStack Nova 16.0.3 - Authenticated Denial of Service via Repeated Instance Rebuild
Dec 05, 2017
CVSS 8.6
EPSS 0.01
CVE-2017-16613
CRITICAL
OpenStack Swauth <1.2.0 - Auth Bypass
Nov 21, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-16239
MEDIUM
OpenStack Nova <14.0.9, <15.0.7, <16.0.2 - Privilege Escalation
Nov 14, 2017
CVSS 6.5
EPSS 0.00
CVE-2017-7549
MEDIUM
Red Hat OpenStack - Symbolic-Link Attack
Sep 21, 2017
CVSS 6.4
EPSS 0.00
CVE-2017-12440
HIGH
OpenStack Aodh < 6.0.1 - Authenticated Trust ID Spoofing via Alarm Action Scheme
Aug 18, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-1000366
HIGH
glibc <2.25 - Remote Code Execution
Jun 19, 2017
CVSS 7.8
EPSS 0.09
CVE-2017-5936
HIGH
OpenStack Nova-LXD <13.1.1 - Privilege Escalation
Apr 12, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-7400
MEDIUM
OpenStack Horizon 9.x-9.1.1, 10.x-10.0.2, 11.0.0 - Authenticated Cross-Site Scripting via Federation Mapping
Apr 03, 2017
CVSS 4.8
EPSS 0.00
CVE-2017-7214
CRITICAL
OpenStack Nova <15.0.1 - Info Disclosure
Mar 21, 2017
CVSS 9.8
EPSS 0.01
CVE-2017-7200
MEDIUM
OpenStack Glance < Newton - Server-Side Request Forgery via Image Service API v1 copy_from Feature
Mar 21, 2017
CVSS 5.8
EPSS 0.00
CVE-2016-7404
CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
Jun 21, 2019
CVSS 9.8
EPSS 0.00
CVE-2016-8611
MEDIUM
OpenStack Glance - Denial of Service via Unbounded Image Upload
Jul 31, 2018
CVSS 4.3
EPSS 0.01
CVE-2016-9590
MEDIUM
puppet-swift < 8.2.1 - Sensitive Information Exposure via World-Readable Configuration File
Apr 26, 2018
CVSS 6.5
EPSS 0.00
CVE-2016-9599
HIGH
puppet-tripleo - Improper Access Control via IPtables Rules with Empty Port Values
Apr 24, 2018
CVSS 7.1
EPSS 0.00
CVE-2016-6519
MEDIUM
OpenStack Manila < 2.5.1 - Authenticated Stored Cross-Site Scripting via Metadata Field
Apr 21, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-5737
MEDIUM
OpenStack Puppet-Gerrit - Cross-Site Scripting via Improper MIME Type Handling
Jan 12, 2017
CVSS 6.1
EPSS 0.00
CVE-2016-9185
MEDIUM
OpenStack Heat <=5.0.3, >=6.0.0 <=6.1.0, ==7.0.0 - SSRF
Nov 04, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-7498
MEDIUM
OpenStack Compute (nova) 13.0.0 - Authenticated Denial of Service via Instance Deletion in Resize State
Sep 27, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-4972
CRITICAL
OpenStack Murano < 1.0.3 and 2.x < 2.0.1 - Remote Code Execution via YAML Loader Inheritance
Sep 26, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-4428
MEDIUM
OpenStack Horizon < 8.0.1 and 9.0.0-9.0.1 - Authenticated Cross-Site Scripting via AngularJS Template Injection
Jul 12, 2016
CVSS 5.4
EPSS 0.01
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2