Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5252
The V3 API in OpenStack Identity (Keystone) 2014.1.x prior to 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request ...
Openstack Keystone 2014.1.2
Openstack Keystone Juno-2
Openstack Keystone 2014.1
Canonical Ubuntu Linux 14.04
Openstack Keystone Juno-1
5.5
CVSSv3
CVE-2018-18438
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
Qemu Qemu -
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
Redhat Openstack 9
Redhat Openstack 10
Redhat Openstack 12
Redhat Openstack 13
Redhat Openstack 8
7.4
CVSSv3
CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integri...
Openstack Keystone
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 10.0
Redhat Openstack Platform 16.2
9.9
CVSSv3
CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Redhat Openstack Platform 15.0
Redhat Openstack Platform 16.0
Redhat Openstack Platform 16.1
1 Article
NA
CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4 and 2014.2 prior to 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Openstack Nova
Openstack Nova 2014.2
7.8
CVSSv3
CVE-2019-3830
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
Openstack Ceilometer
Redhat Openstack 10
8
CVSSv3
CVE-2019-3895
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image an...
Openstack Octavia
Redhat Openstack 12
NA
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Openstack Essex
Openstack Nova 2011.3
NA
CVE-2012-5625
OpenStack Compute (Nova) Folsom prior to 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows malicious users to obtain sensitive information by reading the memory of ...
Openstack Folsom 2012.2
Openstack Grizzly -
NA
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.
Redhat Openstack 3.0
Openstack Oslo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »