openstack

295 tracked vulnerabilities.

CVE-2017-16613 CRITICAL
OpenStack Swauth <1.2.0 - Auth Bypass
Nov 21, 2017
CVSS 9.8
EPSS 0.08
CVE-2017-16239 MEDIUM
OpenStack Nova <14.0.9, <15.0.7, <16.0.2 - Privilege Escalation
Nov 14, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-7549 MEDIUM
Red Hat OpenStack - Symbolic-Link Attack
Sep 21, 2017
CVSS 6.4
EPSS 0.00
CVE-2017-12440 HIGH
OpenStack Aodh < 6.0.1 - Authenticated Trust ID Spoofing via Alarm Action Scheme
Aug 18, 2017
CVSS 7.5
EPSS 0.02
CVE-2017-1000366 HIGH
glibc <2.25 - Remote Code Execution
Jun 19, 2017
CVSS 7.8
EPSS 0.03
CVE-2017-5936 HIGH
OpenStack Nova-LXD <13.1.1 - Privilege Escalation
Apr 12, 2017
CVSS 7.5
EPSS 0.03
CVE-2017-7400 MEDIUM
OpenStack Horizon 9.x-9.1.1 10.x-10.0.2 11.0.0 - Authenticated Cross-Site Scripting via Federation Mapping
Apr 03, 2017
CVSS 4.8
EPSS 0.01
CVE-2017-7214 CRITICAL
OpenStack Nova <15.0.1 - Info Disclosure
Mar 21, 2017
CVSS 9.8
EPSS 0.02
CVE-2017-7200 MEDIUM
OpenStack Glance < Newton - Server-Side Request Forgery via Image Service API v1 copy_from Feature
Mar 21, 2017
CVSS 5.8
EPSS 0.02
CVE-2016-7404 CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
Jun 21, 2019
CVSS 9.8
EPSS 0.02
CVE-2016-8611 MEDIUM
OpenStack Glance - Denial of Service via Unbounded Image Upload
Jul 31, 2018
CVSS 4.3
EPSS 0.02
CVE-2016-9590 MEDIUM
puppet-swift < 8.2.1 - Sensitive Information Exposure via World-Readable Configuration File
Apr 26, 2018
CVSS 6.5
EPSS 0.01
CVE-2016-9599 HIGH
puppet-tripleo - Improper Access Control via IPtables Rules with Empty Port Values
Apr 24, 2018
CVSS 7.1
EPSS 0.01
CVE-2016-6519 MEDIUM
OpenStack Manila < 2.5.1 - Authenticated Stored Cross-Site Scripting via Metadata Field
Apr 21, 2017
CVSS 5.4
EPSS 0.01
CVE-2016-5737 MEDIUM
OpenStack Puppet-Gerrit - Cross-Site Scripting via Improper MIME Type Handling
Jan 12, 2017
CVSS 6.1
EPSS 0.01
CVE-2016-9185 MEDIUM
OpenStack Heat <=5.0.3, >=6.0.0 <=6.1.0, ==7.0.0 - SSRF
Nov 04, 2016
CVSS 4.3
EPSS 0.02
CVE-2016-7498 MEDIUM
OpenStack Compute (nova) 13.0.0 - Authenticated Denial of Service via Instance Deletion in Resize State
Sep 27, 2016
CVSS 6.5
EPSS 0.02
CVE-2016-4972 CRITICAL
OpenStack Murano < 1.0.3 and 2.x < 2.0.1 - Remote Code Execution via YAML Loader Inheritance
Sep 26, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-4428 MEDIUM
OpenStack Horizon < 8.0.1 and 9.0.0-9.0.1 - Authenticated Cross-Site Scripting via AngularJS Template Injection
Jul 12, 2016
CVSS 5.4
EPSS 0.02
CVE-2016-5363 HIGH
OpenStack Neutron < 7.0.4 and 8.0.0-8.1.0 - MAC Spoofing Bypass via DHCP Discovery or Non-IP Traffic
Jun 17, 2016
CVSS 8.2
EPSS 0.03
CVE-2016-5362 HIGH
OpenStack Neutron 7.0.0-7.0.3 and 8.0.0-8.1.0 - Denial of Service via DHCP Discovery Message
Jun 17, 2016
CVSS 8.2
EPSS 0.03
CVE-2016-0757 MEDIUM
OpenStack Image Service - Privilege Escalation
Apr 13, 2016
CVSS 4.3
EPSS 0.01
CVE-2016-2140 MEDIUM
OpenStack Nova < 12.0.3 - Authenticated Arbitrary File Read via Crafted qcow2 Header
Apr 12, 2016
CVSS 5.3
EPSS 0.02
CVE-2016-0738 HIGH
OpenStack Swift < 2.3.1 - Denial of Service via Large Object URL Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.04
CVE-2016-0737 HIGH
OpenStack Swift < 2.4.0 - Denial of Service via Interrupted Large Object Requests
Jan 29, 2016
CVSS 7.5
EPSS 0.04