openstack
276 tracked vulnerabilities.
CVE-2013-4463
OpenStack Nova Folsom/Grizzly/Havana DoS via QCOW2 Image Bypass
Feb 06, 2014
EPSS 0.00
CVE-2013-6491
OpenStack Oslo < 2013.2 - Unauthenticated Sensitive Information Exposure via Qpid SSL Enforcement Bypass
Feb 02, 2014
EPSS 0.00
CVE-2013-7048
OpenStack Nova < 2013.1.4 and 2013.2.1 - Unprotected Live Snapshot Data Exposure via World-Writable Temporary Directory
Jan 23, 2014
EPSS 0.00
CVE-2013-2104
python-keystoneclient < 0.2.4 - Authenticated Token Expiry Bypass
Jan 21, 2014
EPSS 0.01
CVE-2013-6419
OpenStack Havana < 2013.2.1 - Exposure of Sensitive Metadata via Spoofed Device ID
Jan 07, 2014
EPSS 0.01
CVE-2013-2030
OpenStack Nova Folsom, Grizzly, Havana - Server Spoofing via Insecure Temporary Directory
Dec 27, 2013
EPSS 0.00
CVE-2013-6428
OpenStack Heat < 2013.2 - Authenticated Tenant Restriction Bypass via Modified tenant_id
Dec 14, 2013
EPSS 0.00
CVE-2013-6426
OpenStack Heat < 2013.2 - Unauthenticated Stack Creation and Update via CloudFormation API
Dec 14, 2013
EPSS 0.00
CVE-2013-6391
OpenStack Keystone < 2013.2.1 - Privilege Escalation via EC2 Tokens API
Dec 14, 2013
EPSS 0.00
CVE-2013-6384
OpenStack Ceilometer >=2013.1 <2013.2 - Sensitive Information Exposure in Log Files
Nov 23, 2013
EPSS 0.00
CVE-2013-6858
OpenStack Horizon < 2013.2 - Cross-Site Scripting via Instance Name
Nov 23, 2013
EPSS 0.00
CVE-2013-4354
OpenStack Glance - Unauthenticated Image Injection via Tenant Manipulation
Nov 23, 2013
EPSS 0.00
CVE-2013-4497
OpenStack Compute (Nova) Folsom, Grizzly, Havana < 2013.2 - Security Group Bypass during Image Resize or Live Migration
Nov 05, 2013
EPSS 0.00
CVE-2013-4477
OpenStack Keystone Grizzly and Havana - Unauthenticated Privilege Escalation via LDAP Role Removal
Nov 02, 2013
EPSS 0.00
CVE-2013-4469
OpenStack Compute (Nova) Folsom, Grizzly, Havana - Denial of Service via QCOW2 Image Virtual Size
Nov 02, 2013
EPSS 0.00
CVE-2013-4261
OpenStack Compute (Nova) Folsom and Grizzly - Denial of Service via Apache Qpid RPC Backend Error Handling
Oct 29, 2013
EPSS 0.01
CVE-2013-4185
OpenStack Compute < 2013.1.3 - Authenticated Denial of Service via Network Security Group Policy Updates
Oct 29, 2013
EPSS 0.01
CVE-2013-4428
OpenStack Glance < 2013.1.4 / < 2013.2 - Authenticated Unrestricted Image Access
Oct 27, 2013
EPSS 0.00
CVE-2013-2013
python-keystoneclient < 0.2.4 - Exposure of Sensitive Information via Command Line Argument
Oct 01, 2013
EPSS 0.00
CVE-2013-4222
OpenStack Keystone < 2013.1.3 - Insufficiently Protected Credentials
Sep 30, 2013
EPSS 0.01
CVE-2013-4294
OpenStack Keystone 2012.2.x and < 2013.1.4 - Unauthenticated Access Restriction Bypass via Revoked PKI Token
Sep 23, 2013
EPSS 0.01
CVE-2013-4278
OpenStack Compute Folsom, Grizzly, Havana - Authenticated Arbitrary Flavor Boot via Flavor ID Guessing
Sep 16, 2013
EPSS 0.00
CVE-2013-4183
OpenStack Cinder 2013.1.1-2013.1.2 - Exposure of Sensitive Information via LVMVolumeDriver Snapshot Deletion
Sep 16, 2013
EPSS 0.00
CVE-2013-4202
OpenStack Cinder < 2013.1.3 - Denial of Service via XML Entity Expansion
Sep 16, 2013
EPSS 0.01
CVE-2013-4179
OpenStack Compute (Nova) < 2013.2 - Denial of Service via XML Entity Expansion
Sep 16, 2013
EPSS 0.01
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_(glance) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2