VYPR

Openstack

by Red Hat

Source repositories

CVEs (107)

  • CVE-2014-9623Jan 23, 2015
    risk 0.00cvss epss 0.03

    OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

  • CVE-2014-9493Jan 7, 2015
    risk 0.00cvss epss 0.03

    The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

  • CVE-2014-7821Nov 24, 2014
    risk 0.00cvss epss 0.04

    OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

  • CVE-2014-3615Nov 1, 2014
    risk 0.00cvss epss 0.00

    The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • CVE-2014-8333Oct 31, 2014
    risk 0.00cvss epss 0.02

    The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

  • CVE-2014-3708Oct 31, 2014
    risk 0.00cvss epss 0.03

    OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

  • CVE-2014-7231Oct 8, 2014
    risk 0.00cvss epss 0.01

    The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

  • CVE-2014-7230Oct 8, 2014
    risk 0.00cvss epss 0.00

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

  • CVE-2014-3621Oct 2, 2014
    risk 0.00cvss epss 0.02

    The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

  • CVE-2014-4615Aug 19, 2014
    risk 0.00cvss epss 0.03

    The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the…

  • CVE-2014-0042Jun 2, 2014
    risk 0.00cvss epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via…

  • CVE-2014-0041Jun 2, 2014
    risk 0.00cvss epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

  • CVE-2014-0040Jun 2, 2014
    risk 0.00cvss epss 0.01

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

  • CVE-2013-6470Jun 2, 2014
    risk 0.00cvss epss 0.02

    The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

  • CVE-2014-0071Apr 17, 2014
    risk 0.00cvss epss 0.02

    PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

  • CVE-2013-6491Feb 2, 2014
    risk 0.00cvss epss 0.02

    The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-6391Dec 14, 2013
    risk 0.00cvss epss 0.02

    The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and…

  • CVE-2013-4214Nov 23, 2013
    risk 0.00cvss epss 0.00

    rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

  • CVE-2013-2029Nov 23, 2013
    risk 0.00cvss epss 0.00

    nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

  • CVE-2013-4386Nov 20, 2013
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

Page 5 of 6