Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-3426
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Openstack Essex
Openstack Keystone 2012.1.1
Openstack Keystone 2012.1
Openstack Horizon Folsom-1
7.5
CVSSv3
CVE-2013-1793
openstack-utils openstack-db has insecure password creation
Redhat Openstack 2.1
Redhat Openstack 3.0
Redhat Openstack 4.0
Redhat Openstack Essex -
5
CVSSv3
CVE-2023-1625
An information leak exists in OpenStack heat. This issue could allow a remote, authenticated malicious user to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availabilit...
Openstack Heat -
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 16.2
Redhat Openstack Platform 17.0
5.9
CVSSv3
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Openstack Barbican -
Redhat Openstack 16.1
Redhat Openstack 16.2
Redhat Openstack For Ibm Power 16.1
Redhat Openstack 13
Redhat Openstack For Ibm Power 13
Redhat Openstack For Ibm Power 16.2
Redhat Openstack 17
Redhat Openstack Platform 13.0
4.3
CVSSv3
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would g...
Redhat Openstack 13
Redhat Openstack 16.1
Openstack Tripleo Heat Templates
Redhat Openstack 16.2
NA
CVE-2014-3555
OpenStack Neutron prior to 2013.2.4, 2014.x prior to 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
Openstack Neutron 2014.1
Openstack Neutron 2014.1.1
Openstack Neutron Juno-1
Openstack Neutron 2013.2.4
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
6.5
CVSSv3
CVE-2019-10876
An issue exists in OpenStack Neutron 11.x prior to 11.0.7, 12.x prior to 12.0.6, and 13.x prior to 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes w...
Openstack Neutron
Redhat Openstack 13
Redhat Openstack 14
7.5
CVSSv3
CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea...
Openstack Cinder
Redhat Openstack 10
Redhat Openstack 13
6.5
CVSSv3
CVE-2022-3277
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were...
Redhat Openstack Platform 16.1
Redhat Openstack Platform 13.0
Redhat Openstack Platform 16.2
Openstack Neutron
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »