VYPR

Vendor CVEs

OpenStack

All CVEs

268 total · sorted by risk
  • CVE-2026-40212MedApr 10, 2026
    risk 0.35cvss 5.4epss 0.00

    OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

  • CVE-2017-16239MedNov 14, 2017
    risk 0.35cvss 6.5epss 0.01

    In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All…

  • CVE-2016-2102MedAug 22, 2017
    risk 0.35cvss 5.3epss 0.02

    HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.

  • CVE-2015-5295MedJan 20, 2016
    risk 0.35cvss 5.4epss 0.03

    The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a…

  • CVE-2013-0270MedApr 12, 2013
    risk 0.35cvss 6.5epss 0.03

    A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources…

  • CVE-2026-50589MedJun 5, 2026
    risk 0.34cvss 5.3epss 0.00

    In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.

  • CVE-2026-49299MedMay 28, 2026
    risk 0.34cvss epss 0.00

    In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to…

  • CVE-2026-34881MedMar 31, 2026
    risk 0.33cvss 5.0epss 0.00

    OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is…

  • CVE-2026-44394MedMay 28, 2026
    risk 0.32cvss 6.0epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token()…

  • CVE-2026-43000MedMay 28, 2026
    risk 0.32cvss 6.0epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The…

  • CVE-2026-42999MedMay 28, 2026
    risk 0.32cvss 6.0epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that…

  • CVE-2026-42998MedMay 28, 2026
    risk 0.32cvss 6.0epss 0.00

    An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their…

  • CVE-2015-8749MedJan 15, 2016
    risk 0.32cvss 5.9epss 0.02

    The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive…

  • CVE-2026-46447MedJun 3, 2026
    risk 0.31cvss 5.8epss 0.00

    OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info.

  • CVE-2017-7400MedApr 3, 2017
    risk 0.31cvss 4.8epss 0.01

    OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

  • CVE-2017-7200MedMar 21, 2017
    risk 0.31cvss 5.8epss 0.02

    An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow…

  • CVE-2023-6110MedNov 17, 2024
    risk 0.29cvss 5.5epss 0.00

    A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.

  • CVE-2015-3156MedAug 11, 2017
    risk 0.29cvss 5.5epss 0.00

    The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py,…

  • CVE-2013-0266MedMar 8, 2013
    risk 0.29cvss 5.5epss 0.00

    A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading…

  • CVE-2024-47211MedOct 4, 2024
    risk 0.28cvss 5.3epss 0.01

    In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

  • CVE-2024-44082MedSep 6, 2024
    risk 0.28cvss 4.3epss 0.01

    In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to…

  • CVE-2016-8611MedJul 31, 2018
    risk 0.28cvss 4.3epss 0.02

    A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

  • CVE-2018-14432MedJul 31, 2018
    risk 0.28cvss 5.3epss 0.02

    In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to…

  • CVE-2016-6519MedApr 21, 2017
    risk 0.28cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

  • CVE-2016-9185MedNov 4, 2016
    risk 0.28cvss 4.3epss 0.02

    In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

  • CVE-2016-4428MedJul 12, 2016
    risk 0.28cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

  • CVE-2016-0757MedApr 13, 2016
    risk 0.28cvss 4.3epss 0.01

    OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

  • CVE-2016-2140MedApr 12, 2016
    risk 0.28cvss 5.3epss 0.02

    The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

  • CVE-2012-5571MedDec 18, 2012
    risk 0.28cvss 5.4epss 0.02

    A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from…

  • CVE-2026-44917MedJun 4, 2026
    risk 0.25cvss 4.9epss 0.00

    OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template.

  • CVE-2024-28717MedApr 22, 2024
    risk 0.25cvss 4.9epss 0.01

    An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

  • CVE-2015-2687MedAug 9, 2017
    risk 0.24cvss 4.7epss 0.00

    OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

  • CVE-2015-7548LowJan 12, 2016
    risk 0.23cvss 3.5epss 0.02

    OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and…

  • CVE-2026-44919MedMay 14, 2026
    risk 0.21cvss 4.3epss 0.00

    In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL.

  • CVE-2026-44916LowMay 8, 2026
    risk 0.20cvss 3.0epss 0.00

    In OpenStack Ironic before 35.0.2 (in a certain non-default configuration), instance_info['ks_template'] is rendered without sandboxing.

  • CVE-2026-33551LowApr 10, 2026
    risk 0.16cvss 3.5epss 0.00

    An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with…

  • CVE-2026-50266LowJun 4, 2026
    risk 0.14cvss 2.2epss 0.00

    In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device_owner to a value that has "network:" at the beginning ("network:dhcp" for example). The default port RBAC policies incorrectly included…

  • CVE-2025-44021LowMay 8, 2025
    risk 0.11cvss 2.8epss 0.00

    OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be…

  • CVE-2026-50221Jun 23, 2026
    risk 0.00cvss epss 0.00

    In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject…

  • CVE-2026-28370Feb 27, 2026
    risk 0.00cvss epss 0.01

    In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and…

  • CVE-2025-53448Dec 18, 2025
    risk 0.00cvss epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion.This issue affects Rally: from n/a through <= 1.1.

  • CVE-2024-7319Aug 2, 2024
    risk 0.00cvss epss 0.00

    An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

  • CVE-2024-40767Jul 24, 2024
    risk 0.00cvss epss 0.01

    In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of…

  • CVE-2024-1141Feb 1, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

  • CVE-2023-1625Sep 24, 2023
    risk 0.00cvss epss 0.01

    An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of…

  • CVE-2023-40612Aug 23, 2023
    risk 0.00cvss epss 0.00

    In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and…

  • CVE-2020-20335Jun 20, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c.

  • CVE-2023-2088May 12, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to…

  • CVE-2022-4134Mar 6, 2023
    risk 0.00cvss epss 0.00

    A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

  • CVE-2022-3277Mar 6, 2023
    risk 0.00cvss epss 0.01

    An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to…

Page 2 of 6