Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openstack 13 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-16856
In a default Red Hat Openstack Platform Director installation, openstack-octavia prior to openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log fi...
Openstack Octavia
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 12
6.5
CVSSv3
CVE-2019-10876
An issue exists in OpenStack Neutron 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes w...
Openstack Neutron
Redhat Openstack 13
Redhat Openstack 14
7.5
CVSSv3
CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea...
Openstack Cinder
Redhat Openstack 10
Redhat Openstack 13
2.8
CVSSv3
CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated malicious user to tamper with images, compromising the integrity of virtual machines created using these modified images.
Openstack Glance
Redhat Openstack 13
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack 17
5.9
CVSSv3
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Openstack Barbican -
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack 13
Redhat Openstack For Ibm Power 13
Redhat Openstack For Ibm Power 16.2
Redhat Openstack 17
Redhat Openstack Platform 13.0
9.1
CVSSv3
CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a s...
Openstack Ironic-inspector
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 9
6.5
CVSSv3
CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then a...
Redhat Openstack 12
Redhat Openstack 10
Redhat Openstack 13
Openstack Neutron
Openstack Neutron 13.0.0.0
4.3
CVSSv3
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would g...
Redhat Openstack 13
Redhat Openstack 16.1
Openstack Tripleo Heat Templates
Redhat Openstack 16.2
6.5
CVSSv3
CVE-2019-9735
An issue exists in the iptables firewall module in OpenStack Neutron prior to 10.0.8, 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for exam...
Openstack Neutron
Redhat Openstack 10
Redhat Openstack 14
Redhat Openstack 13
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
Qemu Qemu -
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Redhat Openstack 9
Redhat Openstack 10
Redhat Openstack 12
Redhat Openstack 13
Redhat Openstack 8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »