Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2014-0204
OpenStack Identity (Keystone) prior to 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
Openstack Keystone
578
VMScore
CVE-2014-8750
Race condition in the VMware driver in OpenStack Compute (Nova) prior to 2014.1.4 and 2014.2 prior to 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.
Openstack Nova
Openstack Nova 2014.2
578
VMScore
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Openstack Essex -
Openstack Folsom -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
570
VMScore
CVE-2019-14859
A flaw was found in all python-ecdsa versions prior to 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker coul...
Python-ecdsa Project Python-ecdsa
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 15
Redhat Virtualization 4.0
570
VMScore
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests contain...
Agendaless Waitress
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
570
VMScore
CVE-2019-17134
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP req...
Opendev Octavia
Canonical Ubuntu Linux 19.04
570
VMScore
CVE-2019-15753
In OpenStack os-vif 1.15.x prior to 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of p...
Openstack Os-vif
Openstack Os-vif 1.16.0
570
VMScore
CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a s...
Openstack Ironic-inspector
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 9
570
VMScore
CVE-2015-8914
The IPTables firewall in OpenStack Neutron prior to 7.0.4 and 8.0.0 up to and including 8.1.0 allows remote malicious users to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source a...
Openstack Neutron
570
VMScore
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana prior to 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote malicious users to bypass intended restrictions.
Openstack Havana Havana-2
Openstack Havana Havana-1
Openstack Havana
Openstack Grizzly -
Openstack Folsom -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »