Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2013-0208
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Openstack Essex -
Openstack Folsom -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
6.4
CVSSv2
CVE-2019-14859
A flaw was found in all python-ecdsa versions prior to 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker coul...
Python-ecdsa Project Python-ecdsa
Redhat Ceph Storage 2.0
Redhat Ceph Storage 3.0
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 15
Redhat Virtualization 4.0
6.4
CVSSv2
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests contain...
Agendaless Waitress
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
6.4
CVSSv2
CVE-2019-17134
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP req...
Opendev Octavia
Canonical Ubuntu Linux 19.04
6.4
CVSSv2
CVE-2019-15753
In OpenStack os-vif 1.15.x prior to 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of p...
Openstack Os-vif
Openstack Os-vif 1.16.0
6.4
CVSSv2
CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a s...
Openstack Ironic-inspector
Redhat Openstack 10
Redhat Openstack 13
Redhat Openstack 14
Redhat Openstack 9
6.4
CVSSv2
CVE-2015-8914
The IPTables firewall in OpenStack Neutron prior to 7.0.4 and 8.0.0 up to and including 8.1.0 allows remote malicious users to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source a...
Openstack Neutron
6.4
CVSSv2
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana prior to 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote malicious users to bypass intended restrictions.
Openstack Havana Havana-2
Openstack Havana Havana-1
Openstack Havana
Openstack Grizzly -
Openstack Folsom -
6
CVSSv2
CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 prior to 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote us...
Qemu Qemu
Redhat Enterprise Linux 7.0
Redhat Openstack 10
Redhat Enterprise Linux 8.0
Redhat Openstack 13
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.1
6
CVSSv2
CVE-2016-9599
puppet-tripleo prior to 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resourc...
Openstack Puppet-tripleo 5.5.0
Openstack Puppet-tripleo 6.2.0
Redhat Openstack 10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »