Vulmon
openstack vulnerabilities and exploits
7.7
CVSSv2
CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and previous versions and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_...
Qemu Qemu
Redhat Openstack 4.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Openstack 5.0
Redhat Openstack 7.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
Xen Xen 4.5.0
Redhat Openstack 6.0
1 EDB exploit
5 Github repositories
3 Articles
7.5
CVSSv2
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
7.5
CVSSv2
CVE-2015-5741
The net/http library in net/http/transfer.go in Go prior to 1.4.3 does not properly parse HTTP headers, which allows remote malicious users to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
Golang Go
Redhat Openstack 7.0
Redhat Openstack 8
Redhat Enterprise Linux 7.0
7.5
CVSSv2
CVE-2013-2166
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass.
Openstack Python-keystoneclient
Redhat Openstack 3.0
Fedoraproject Fedora 19
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2013-2167
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache signing bypass.
Openstack Python-keystoneclient
Redhat Openstack 3.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorize...
Openstack Magnum -
7.5
CVSSv2
CVE-2018-17963
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows malicious users to cause a denial of service or possibly have unspecified other impact.
Qemu Qemu
Qemu Qemu 3.1.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Virtualization 4.0
Redhat Virtualization Manager 4.3
7.5
CVSSv2
CVE-2017-16613
An issue exists in middleware.py in OpenStack Swauth up to and including 1.2.0 when used with OpenStack Swift up to and including 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log fi...
Openstack Swift
Openstack Swauth
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
Openvswitch Openvswitch 2.7.0
Debian Debian Linux 9.0
Redhat Openstack 6.0
Redhat Openstack 7.0
Redhat Openstack 8
Redhat Openstack 9
Redhat Openstack 10
Redhat Openstack 11
Redhat Virtualization 4.1
Redhat Virtualization Manager 4.1
Redhat Virtualization 4.0
7.5
CVSSv2
CVE-2016-6829
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote malicious users to obtain access via unspecified vec...
Barclamp-trove Project Barclamp-trove -
Crowbar-openstack Project Crowbar-openstack -