openstack
295 tracked vulnerabilities.
CVE-2020-9543
HIGH
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 - Unauthorized Resource Access via UUID Lookup
Mar 12, 2020
CVSS 8.3
EPSS 0.01
CVE-2019-19687
HIGH
OpenStack Keystone 15.0.0-16.0.0 - Info Disclosure
Dec 09, 2019
CVSS 8.8
EPSS 0.02
CVE-2019-15753
CRITICAL
OpenStack os-vif 1.15.0-1.15.1 and 1.16.0 - Unauthenticated Ethernet Flooding via Hardcoded MAC Aging Time
Aug 28, 2019
CVSS 9.1
EPSS 0.03
CVE-2019-14433
MEDIUM
OpenStack Nova <17.0.12-19.0.2 - Info Disclosure
Aug 09, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-10141
HIGH
openstack-ironic-inspector <8.2.1 - SQL Injection
Jul 30, 2019
CVSS 8.3
EPSS 0.02
CVE-2019-3895
HIGH
OpenStack Octavia < 0.9.0 - Unauthenticated Arbitrary Image Execution via Amphorae Spawning
Jun 03, 2019
CVSS 8.0
EPSS 0.01
CVE-2019-10876
MEDIUM
OpenStack Neutron <11.0.7-13.0.3 - DoS
Apr 05, 2019
CVSS 6.5
EPSS 0.02
CVE-2019-3830
HIGH
OpenStack Ceilometer < 12.0.0.0rc1 - Sensitive Information Exposure in Log Files
Mar 26, 2019
CVSS 7.8
EPSS 0.00
CVE-2019-9735
MEDIUM
OpenStack Neutron <13.0.3 - Privilege Escalation
Mar 13, 2019
CVSS 6.5
EPSS 0.04
CVE-2018-16856
MEDIUM
Red Hat Openstack Platform Director - Info Disclosure
Mar 26, 2019
CVSS 5.5
EPSS 0.01
CVE-2018-20170
MEDIUM
OpenStack Keystone <14.0.1 - Info Disclosure
Dec 17, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-14636
MEDIUM
OpenStack Neutron < 11.0.4, 12.0.3, 13.0.0.0b2 - Unauthorized Traffic Inspection via Open vSwitch Integration Bridge
Sep 10, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-14635
MEDIUM
OpenStack Neutron <13.0.0.0b2, <12.0.3, <11.0.5 - DoS
Sep 10, 2018
CVSS 6.5
EPSS 0.03
CVE-2018-14432
MEDIUM
OpenStack Keystone <13.0.0 - Auth Bypass
Jul 31, 2018
CVSS 5.3
EPSS 0.02
CVE-2018-10898
HIGH
openstack-tripleo-heat-templates < 8.0.2-40 - Use of Hard-coded Credentials
Jul 30, 2018
CVSS 8.8
EPSS 0.01
CVE-2017-8761
MEDIUM
OpenStack Swift < 2.10.1, 2.11.0-2.13.0, 2.14.0 - Exposure of Sensitive Information via TempURL Path Logging
Jun 02, 2021
CVSS 4.3
EPSS 0.01
CVE-2017-15139
HIGH
OpenStack Cinder <= Queens - Exposure of Sensitive Information via ScaleIO Thin Volume Zero Padding
Aug 27, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-2627
HIGH
OpenStack TripleO Common - Path Traversal and Privilege Escalation via Sudoers Wildcard Misconfiguration
Aug 22, 2018
CVSS 8.2
EPSS 0.01
CVE-2017-2621
MEDIUM
OpenStack Orchestration <8.0.0, 6.1.0, 7.0.2 - Info Disclosure
Jul 27, 2018
CVSS 5.5
EPSS 0.00
CVE-2017-7543
MEDIUM
OpenStack Neutron < 7.2.0-12.1 - Race Condition Disabling Security Groups
Jul 26, 2018
CVSS 5.3
EPSS 0.02
CVE-2017-2592
MEDIUM
oslo.middleware < 3.8.1, 3.19.1, 3.23.1 - Sensitive Information Disclosure in Error Logs
May 08, 2018
CVSS 5.9
EPSS 0.00
CVE-2017-18191
HIGH
OpenStack Nova 15.0.0-15.1.0 and 16.0.0-16.1.1 - Denial of Service via Encrypted Volume Detach/Reattach
Feb 19, 2018
CVSS 7.5
EPSS 0.04
CVE-2017-18017
CRITICAL
Linux Kernel < 4.11 and 4.9.x < 4.9.36 - Use-After-Free in tcpmss_mangle_packet
Jan 03, 2018
CVSS 9.8
EPSS 0.53
CVE-2017-12155
MEDIUM
openstack-tripleo-heat-templates - Info Disclosure
Dec 12, 2017
CVSS 6.3
EPSS 0.00
CVE-2017-17051
HIGH
OpenStack Nova 16.0.3 - Authenticated Denial of Service via Repeated Instance Rebuild
Dec 05, 2017
CVSS 8.6
EPSS 0.02
Products
keystone 44
nova 39
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 14
Ironic 12
compute 12
glance 12
havana 11
cinder 9
ironic 9
Keystone 8
heat 7
python-keystoneclient 7
barbican 5
tripleo_heat_templates 5
icehouse 4
keystonemiddleware 4
trove 3
Cyborg 2
Horizon 2
Neutron 2
Nova 2
Swift 2
ceilometer 2
cloud_magnum_orchestration 2
Quick Filters