openstack vulnerabilities and exploits
CVE-2022-4134
CVSSv2: NA
A flaw was found in openstack-glance. This issue could allow a remote, authenticated malicious user to tamper with images, compromising the integrity of virtual machines created using these modified images.
Products: Openstack Glance; Redhat Openstack 13; Redhat Openstack 16.1; Redhat Openstack 16.2; Redhat Openstack 17

CVE-2019-10141
CVSSv2: 6.4
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a s...
Products: Openstack Ironic-inspector; Redhat Openstack 10; Redhat Openstack 13; Redhat Openstack 14; Redhat Openstack 9

CVE-2021-20267
CVSSv2: 5.5
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial o...
Products: Openstack Neutron 18.0.0; Openstack Neutron; Redhat Openstack Platform 16.1; Redhat Openstack Platform 13.0; Redhat Openstack Platform 10.0; Redhat Openstack Platform 16.2

CVE-2016-4972
CVSSv2: 7.5
OpenStack Murano prior to 1.0.3 (liberty) and 2.x prior to 2.0.1 (mitaka), Murano-dashboard prior to 1.0.3 (liberty) and 2.x prior to 2.0.1 (mitaka), and python-muranoclient prior to 0.7.3 (liberty) and 0.8.x prior to 0.8.5 (mitaka) improperly use loaders inherited from yaml.Load...
Products: Openstack Murano; Openstack Mitaka-murano; Openstack Python-muranoclient; Openstack Murano-dashboard

CVE-2018-16856
CVSSv2: 5
In a default Red Hat Openstack Platform Director installation, openstack-octavia prior to openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log fi...
Products: Openstack Octavia; Redhat Openstack 13; Redhat Openstack 14; Redhat Openstack 12

CVE-2013-2096
CVSSv2: 2.1
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of...
Products: Openstack Grizzly -; Openstack Havana -; Openstack Folsom -

CVE-2013-4463
CVSSv2: 2.1
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix fo...
Products: Openstack Havana -; Openstack Grizzly -; Openstack Folsom -

CVE-2013-4469
CVSSv2: 1.9
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual si...
Products: Openstack Havana -; Openstack Grizzly -; Openstack Folsom -

CVE-2014-0105
CVSSv2: 6
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) prior to 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large num...
Products: Openstack Python-keystoneclient 0.2.3; Openstack Python-keystoneclient 0.2.2; Openstack Python-keystoneclient 0.3.0; Openstack Python-keystoneclient 0.3.1; Openstack Python-keystoneclient 0.3.2; Openstack Python-keystoneclient; Openstack Python-keystoneclient 0.2.4

CVE-2012-3426
CVSSv2: 4.9
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Products: Openstack Essex; Openstack Keystone 2012.1.1; Openstack Keystone 2012.1; Openstack Horizon Folsom-1