VYPR
Vendor

Ganeti

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2015-7944HigAug 18, 2017
    risk 0.53cvss 7.5epss 0.14

    The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a…

  • CVE-2015-7945HigAug 18, 2017
    risk 0.52cvss 7.5epss 0.09

    The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance…

  • CVE-2014-5247Aug 29, 2014
    risk 0.00cvss epss 0.00

    The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other…

  • CVE-2009-4261Dec 21, 2009
    risk 0.00cvss epss 0.03

    Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote…