Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-3895
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image an...
Openstack Octavia
Redhat Openstack 12
4.3
CVSSv2
CVE-2012-5625
OpenStack Compute (Nova) Folsom prior to 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows malicious users to obtain sensitive information by reading the memory of ...
Openstack Folsom 2012.2
Openstack Grizzly -
7.5
CVSSv2
CVE-2012-4456
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote malicious users to read the roles for an arbitrary user or get, create, or delete arbitrary services.
Openstack Keystone 2012.2
Openstack Keystone
4
CVSSv2
CVE-2012-4457
OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Openstack Keystone
Openstack Keystone 2012.2
4
CVSSv2
CVE-2017-8761
In OpenStack Swift up to and including 2.10.1, 2.11.0 up to and including 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are...
Openstack Swift
Openstack Swift 2.14.0
5
CVSSv2
CVE-2013-0270
OpenStack Keystone Grizzly prior to 2013.1, Folsom, and possibly earlier allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
Openstack Keystone 2013.1
Openstack Keystone
5
CVSSv2
CVE-2013-0282
OpenStack Keystone Grizzly prior to 2013.1, Folsom 2012.1.3 and previous versions, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent malicious users to bypass access restrict...
Openstack Keystone 2013.1
Openstack Keystone
3.5
CVSSv2
CVE-2018-14636
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete....
Openstack Neutron
Openstack Neutron 13.0.0
6.5
CVSSv2
CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4 and 2014.2 prior to 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Openstack Nova
Openstack Nova 2014.2
6.5
CVSSv2
CVE-2020-12690
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the ...
Openstack Keystone 16.0.0
Openstack Keystone
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »