openstack

276 tracked vulnerabilities.

CVE-2016-5363 HIGH
OpenStack Neutron < 7.0.4 and 8.0.0-8.1.0 - MAC Spoofing Bypass via DHCP Discovery or Non-IP Traffic
Jun 17, 2016
CVSS 8.2
EPSS 0.05
CVE-2016-5362 HIGH
OpenStack Neutron 7.0.0-7.0.3 and 8.0.0-8.1.0 - Denial of Service via DHCP Discovery Message
Jun 17, 2016
CVSS 8.2
EPSS 0.06
CVE-2016-0757 MEDIUM
OpenStack Image Service - Privilege Escalation
Apr 13, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2140 MEDIUM
OpenStack Nova < 12.0.3 - Authenticated Arbitrary File Read via Crafted qcow2 Header
Apr 12, 2016
CVSS 5.3
EPSS 0.00
CVE-2016-0738 HIGH
OpenStack Swift < 2.3.1 - Denial of Service via Large Object URL Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.06
CVE-2016-0737 HIGH
OpenStack Swift < 2.4.0 - Denial of Service via Interrupted Large Object Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.06
CVE-2015-9543 LOW
OpenStack Nova < 18.2.4, 19.x < 19.1.0, 20.x < 20.1.0 - Exposure of Sensitive Consoleauth Tokens in Log Files
Feb 19, 2020
CVSS 3.3
EPSS 0.00
CVE-2015-5694 MEDIUM
OpenStack Designate - Denial of Service via DNS Record Set Size Limit Bypass
Nov 22, 2019
CVSS 6.5
EPSS 0.01
CVE-2015-5695 MEDIUM
OpenStack Designate 2015.1.0-1.0.0.0b1 - Denial of Service via Zone File Transfer
Aug 31, 2017
CVSS 6.5
EPSS 0.02
CVE-2015-3156 MEDIUM
OpenStack Trove < 2014.2.4 - Symlink Attack via Temporary File in Configuration Functions
Aug 11, 2017
CVSS 5.5
EPSS 0.00
CVE-2015-2687 MEDIUM
OpenStack Compute - Improper Access Control via Failed Live Migration
Aug 09, 2017
CVSS 4.7
EPSS 0.00
CVE-2015-7514 MEDIUM
OpenStack Ironic <4.2.1 - Info Disclosure
Jun 07, 2017
CVSS 6.5
EPSS 0.00
CVE-2015-8234 MEDIUM
OpenStack Glance 11.0.0 - Auth Bypass
Mar 29, 2017
CVSS 5.5
EPSS 0.00
CVE-2015-5162 HIGH
OpenStack Cinder 7.0.2, 8.0.0-8.1.1 - Denial of Service via Image Parser
Oct 07, 2016
CVSS 7.5
EPSS 0.04
CVE-2015-8914 CRITICAL
OpenStack Neutron 7.0.0-7.0.3 and 8.0.0-8.1.0 - Denial of Service via ICMPv6 Spoofing Bypass
Jun 17, 2016
CVSS 9.1
EPSS 0.07
CVE-2015-5271 HIGH
TripleO Heat templates - Info Disclosure
Apr 15, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-5303 HIGH
TripleO Heat templates - Open Redirect
Apr 11, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-7546 HIGH
OpenStack Identity <2015.1.3-8.0.2 - Privilege Escalation
Feb 03, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-5295 MEDIUM
OpenStack Orchestration API < 2015.1.3 and 5.0.0-5.0.1 - Authenticated Denial of Service via Template Resource Type
Jan 20, 2016
CVSS 5.4
EPSS 0.01
CVE-2015-8749 MEDIUM
OpenStack Nova 12.0.0 - Exposure of Sensitive Information in Xen Backend StorageError Message
Jan 15, 2016
CVSS 5.9
EPSS 0.01
CVE-2015-8466 HIGH
Swift3 <1.9 - Info Disclosure
Jan 13, 2016
CVSS 7.4
EPSS 0.00
CVE-2015-7548 LOW
OpenStack Compute <2015.1.3 - Info Disclosure
Jan 12, 2016
CVSS 3.5
EPSS 0.00
CVE-2015-5306
OpenStack Ironic Inspector - Remote Code Execution via Flask Debug Console
Nov 25, 2015
EPSS 0.01
CVE-2015-7713
OpenStack Compute <2014.2.4 - Privilege Escalation
Oct 29, 2015
EPSS 0.02
CVE-2015-5240
OpenStack Neutron <2014.2.4-2015.1.2 - Privilege Escalation
Oct 27, 2015
EPSS 0.00
Products
keystone 39 nova 38 folsom 25 neutron 25 horizon 22 essex 15 image_registry_and_delivery_service_\(glance\) 15 grizzly 14 swift 13 compute 12 glance 12 havana 11 cinder 9 heat 7 python-keystoneclient 7 Ironic 5 barbican 5 tripleo_heat_templates 5 Keystone 4 icehouse 4 keystonemiddleware 3 trove 3 Cyborg 2 ceilometer 2 cloud_magnum_orchestration 2 designate 2 diablo 2 keystone_essex 2 magnum 2 manila 2
Quick Filters
Critical CVEs With Exploits In CISA KEV