openstack
295 tracked vulnerabilities.
CVE-2017-16613
CRITICAL
OpenStack Swauth <1.2.0 - Auth Bypass
Nov 21, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-16239
MEDIUM
OpenStack Nova <14.0.9, <15.0.7, <16.0.2 - Privilege Escalation
Nov 14, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-7549
MEDIUM
Red Hat OpenStack - Symbolic-Link Attack
Sep 21, 2017
CVSS 6.4
EPSS 0.00
CVE-2017-12440
HIGH
OpenStack Aodh < 6.0.1 - Authenticated Trust ID Spoofing via Alarm Action Scheme
Aug 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-1000366
HIGH
glibc <2.25 - Remote Code Execution
Jun 19, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-5936
HIGH
OpenStack Nova-LXD <13.1.1 - Privilege Escalation
Apr 12, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7400
MEDIUM
OpenStack Horizon 9.x-9.1.1 10.x-10.0.2 11.0.0 - Authenticated Cross-Site Scripting via Federation Mapping
Apr 03, 2017
CVSS 4.8
EPSS 0.01
CVE-2017-7214
CRITICAL
OpenStack Nova <15.0.1 - Info Disclosure
Mar 21, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-7200
MEDIUM
OpenStack Glance < Newton - Server-Side Request Forgery via Image Service API v1 copy_from Feature
Mar 21, 2017
CVSS 5.8
EPSS 0.02
CVE-2016-7404
CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
Jun 21, 2019
CVSS 9.8
EPSS 0.02
CVE-2016-8611
MEDIUM
OpenStack Glance - Denial of Service via Unbounded Image Upload
Jul 31, 2018
CVSS 4.3
EPSS 0.02
CVE-2016-9590
MEDIUM
puppet-swift < 8.2.1 - Sensitive Information Exposure via World-Readable Configuration File
Apr 26, 2018
CVSS 6.5
EPSS 0.01
CVE-2016-9599
HIGH
puppet-tripleo - Improper Access Control via IPtables Rules with Empty Port Values
Apr 24, 2018
CVSS 7.1
EPSS 0.01
CVE-2016-6519
MEDIUM
OpenStack Manila < 2.5.1 - Authenticated Stored Cross-Site Scripting via Metadata Field
Apr 21, 2017
CVSS 5.4
EPSS 0.01
CVE-2016-5737
MEDIUM
OpenStack Puppet-Gerrit - Cross-Site Scripting via Improper MIME Type Handling
Jan 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-9185
MEDIUM
OpenStack Heat <=5.0.3, >=6.0.0 <=6.1.0, ==7.0.0 - SSRF
Nov 04, 2016
CVSS 4.3
EPSS 0.02
CVE-2016-7498
MEDIUM
OpenStack Compute (nova) 13.0.0 - Authenticated Denial of Service via Instance Deletion in Resize State
Sep 27, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-4972
CRITICAL
OpenStack Murano < 1.0.3 and 2.x < 2.0.1 - Remote Code Execution via YAML Loader Inheritance
Sep 26, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-4428
MEDIUM
OpenStack Horizon < 8.0.1 and 9.0.0-9.0.1 - Authenticated Cross-Site Scripting via AngularJS Template Injection
Jul 12, 2016
CVSS 5.4
EPSS 0.02
CVE-2016-5363
HIGH
OpenStack Neutron < 7.0.4 and 8.0.0-8.1.0 - MAC Spoofing Bypass via DHCP Discovery or Non-IP Traffic
Jun 17, 2016
CVSS 8.2
EPSS 0.03
CVE-2016-5362
HIGH
OpenStack Neutron 7.0.0-7.0.3 and 8.0.0-8.1.0 - Denial of Service via DHCP Discovery Message
Jun 17, 2016
CVSS 8.2
EPSS 0.03
CVE-2016-0757
MEDIUM
OpenStack Image Service - Privilege Escalation
Apr 13, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-2140
MEDIUM
OpenStack Nova < 12.0.3 - Authenticated Arbitrary File Read via Crafted qcow2 Header
Apr 12, 2016
CVSS 5.3
EPSS 0.02
CVE-2016-0738
HIGH
OpenStack Swift < 2.3.1 - Denial of Service via Large Object URL Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-0737
HIGH
OpenStack Swift < 2.4.0 - Denial of Service via Interrupted Large Object Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.04
Products
keystone 44
nova 39
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_\(glance\) 15
grizzly 14
swift 14
Ironic 12
compute 12
glance 12
havana 11
cinder 9
ironic 9
Keystone 8
heat 7
python-keystoneclient 7
barbican 5
tripleo_heat_templates 5
icehouse 4
keystonemiddleware 4
trove 3
Cyborg 2
Horizon 2
Neutron 2
Nova 2
Swift 2
ceilometer 2
cloud_magnum_orchestration 2
Quick Filters