Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-2101
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number...
Openstack Nova Folsom
Openstack Nova 2012.1
Openstack Nova 2011.3
NA
CVE-2012-3361
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Openstack Essex 2012.1
Openstack Folsom 2012.2
Openstack Diablo 2011.3
8.2
CVSSv3
CVE-2017-2627
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allo...
Redhat Openstack 10
Redhat Openstack 11
Openstack Tripleo-common -
NA
CVE-2014-0134
The instance rescue mode in OpenStack Compute (Nova) 2013.2 prior to 2013.2.3 and Icehouse prior to 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk ...
Openstack Compute 2013.2
Openstack Compute 2013.2.1
Openstack Compute 2013.2.2
NA
CVE-2013-2161
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows malicious users to trigger invalid or spoofed Swift responses via an account name.
Opensuse Opensuse 12.3
Openstack Grizzly -
Openstack Folsom -
Openstack Havana -
NA
CVE-2012-3371
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repea...
Openstack Compute 2012.2
Openstack Essex 2012.1
Openstack Folsom 2012.2
6.5
CVSSv3
CVE-2015-5695
Designate 2015.1.0 up to and including 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote malicious users to cause a denial of service (infinite ...
Openstack Designate 2015.1.0
Openstack Designate 1.0.0.0b1
Openstack Designate 1.0.0a0
NA
CVE-2015-5240
Race condition in OpenStack Neutron prior to 2014.2.4 and 2015.1 prior to 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: befor...
Openstack Neutron 2015.1.1
Openstack Neutron 2014.2.3
Openstack Neutron 2015.1.0
NA
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 prior to 2014.2.4 and 2015.1.x prior to 2015.1.1 allows remote malicious users to inject arbitrary web script or HTML via the description parameter in a heat templa...
Debian Debian Linux 8.0
Openstack Horizon 2014.2.0
Openstack Horizon 2014.2.1
Openstack Horizon 2015.1.0
Openstack Horizon 2014.2.2
Openstack Horizon 2014.2.3
Oracle Solaris 11.2
7.8
CVSSv3
CVE-2018-17954
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue a...
Suse Openstack Cloud 8.0
Suse Openstack Cloud Crowbar 8.0
Suse Openstack Cloud Crowbar 9.0
Suse Openstack Cloud 9.0
Suse Openstack Cloud 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »