OpenStack

All CVEs

268 total · sorted by risk
  • CVE-2026-41283 · Cri · Jun 4, 2026
    risk 0.64 · cvss 9.9 · epss 0.01

    OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

  • CVE-2016-6829 · Cri · Dec 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.

  • CVE-2015-8914 · Cri · Jun 17, 2016
    risk 0.59 · cvss 9.1 · epss 0.04

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

  • CVE-2026-22797 · Cri · Jan 19, 2026
    risk 0.57 · cvss 9.9 · epss 0.00

    An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0…

  • CVE-2018-10898 · Hig · Jul 30, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

  • CVE-2017-16613 · Cri · Nov 21, 2017
    risk 0.57 · cvss 9.8 · epss 0.08

    An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a…

  • CVE-2017-7214 · Cri · Mar 21, 2017
    risk 0.57 · cvss 9.8 · epss 0.02

    An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization…

  • CVE-2016-4972 · Cri · Sep 26, 2016
    risk 0.57 · cvss 9.8 · epss 0.03

    OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when…

  • CVE-2013-0261 · Hig · Mar 8, 2013
    risk 0.57 · cvss 8.8 · epss 0.00

    A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data…

  • CVE-2012-4406 · Cri · Oct 22, 2012
    risk 0.57 · cvss 9.8 · epss 0.07

    OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

  • CVE-2016-4383 · Hig · Jun 27, 2017
    risk 0.55 · cvss 8.4 · epss 0.03

    The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.

  • CVE-2017-1000366 · Hig · Jun 19, 2017
    risk 0.54 · cvss 7.8 · epss 0.03

    glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent…

  • CVE-2016-5362 · Hig · Jun 17, 2016
    risk 0.54 · cvss 8.2 · epss 0.03

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

  • CVE-2026-22420 · Hig · Mar 5, 2026
    risk 0.53 · cvss 8.1 · epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Horizon horizon allows PHP Local File Inclusion. This issue affects Horizon: from n/a through <= 1.1.

  • CVE-2017-15114 · Hig · Nov 27, 2017
    risk 0.53 · cvss 8.1 · epss 0.02

    When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is…

  • CVE-2025-65073 · Hig · Nov 17, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

  • CVE-2024-53916 · Hig · Nov 25, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change (add and clear) tags on network objects that do not…

  • CVE-2024-28716 · Hig · Apr 30, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

  • CVE-2017-15139 · Hig · Aug 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to…

  • CVE-2017-17051 · Hig · Dec 5, 2017
    risk 0.49 · cvss 8.6 · epss 0.02

    An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations.…

  • CVE-2015-5271 · Hig · Apr 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to…

  • CVE-2016-0738 · Hig · Jan 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large…

  • CVE-2016-0737 · Hig · Jan 29, 2016
    risk 0.49 · cvss 7.5 · epss 0.04

    OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

  • CVE-2026-44393 · Hig · Jun 4, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does…

  • CVE-2015-5329 · Hig · Apr 11, 2016
    risk 0.48 · cvss 7.3 · epss 0.02

    The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging…

  • CVE-2015-8466 · Hig · Jan 13, 2016
    risk 0.48 · cvss 7.4 · epss 0.02

    Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

  • CVE-2016-5363 · Hig · Jun 17, 2016
    risk 0.47 · cvss 8.2 · epss 0.03

    The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2)…

  • CVE-2026-49017 · Hig · May 27, 2026
    risk 0.46 · cvss · epss 0.00

    In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to…

  • CVE-2026-43003 · Hig · May 1, 2026
    risk 0.45 · cvss 8.0 · epss 0.01

    An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image.

  • CVE-2025-53122 · Med · Jun 26, 2025
    risk 0.45 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon…

  • CVE-2025-53121 · Med · Jun 26, 2025
    risk 0.45 · cvss · epss 0.00

    Multiple stored XSS were found on different nodes with unsanitized parameters in OpenNMS Horizon 33.0.8 and versions earlier than 33.1.6 on multiple platforms that allow an attacker to store on database and then inject HTML and/or JavaScript on the page. The solution is to…

  • CVE-2026-54421 · Med · Jun 14, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensitive information (such as iSCSI credentials). The PATCH outcome is a security issue; the POST outcome is not a security…

  • CVE-2026-43001 · Hig · May 1, 2026
    risk 0.44 · cvss 7.9 · epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted…

  • CVE-2026-40683 · Hig · Apr 14, 2026
    risk 0.43 · cvss 7.7 · epss 0.00

    In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean…

  • CVE-2017-7549 · Med · Sep 21, 2017
    risk 0.42 · cvss 6.4 · epss 0.00

    A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local…

  • CVE-2015-5695 · Med · Aug 31, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a…

  • CVE-2017-12440 · Hig · Aug 18, 2017
    risk 0.42 · cvss 7.5 · epss 0.02

    Aodh as packaged in OpenStack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with…

  • CVE-2015-7514 · Med · Jun 7, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.

  • CVE-2017-5936 · Hig · Apr 12, 2017
    risk 0.42 · cvss 7.5 · epss 0.03

    OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

  • CVE-2015-5162 · Hig · Oct 7, 2016
    risk 0.42 · cvss 7.5 · epss 0.03

    The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted…

  • CVE-2016-7498 · Med · Sep 27, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a…

  • CVE-2015-5303 · Hig · Apr 11, 2016
    risk 0.42 · cvss 7.5 · epss 0.02

    The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

  • CVE-2015-7546 · Hig · Feb 3, 2016
    risk 0.42 · cvss 7.5 · epss 0.02

    The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI…

  • CVE-2017-12155 · Med · Dec 12, 2017
    risk 0.41 · cvss 6.3 · epss 0.00

    A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker…

  • CVE-2016-5737 · Med · Jan 12, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    The Gerrit configuration in the OpenStack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.

  • CVE-2026-55748 · mod · Jun 17, 2026
    risk 0.39 · cvss 6.0 · epss 0.00

    OpenStack Horizon: Information disclosure or integrity compromise via crafted project name with shell metacharacters

  • CVE-2026-48681 · Med · Jun 4, 2026
    risk 0.38 · cvss 5.9 · epss 0.01

    OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

  • CVE-2017-2622 · Med · Jul 27, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

  • CVE-2015-8234 · Med · Mar 29, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

  • CVE-2026-46448 · Med · Jun 16, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

Page 1 of 6