Vulmon
openstack cloud vulnerabilities and exploits
7.8
CVSSv3
CVE-2018-17954
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue a...
Suse Openstack Cloud 8.0
Suse Openstack Cloud Crowbar 8.0
Suse Openstack Cloud Crowbar 9.0
Suse Openstack Cloud 9.0
Suse Openstack Cloud 7.0
8.8
CVSSv3
CVE-2018-1000603
An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and previous versions in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrate...
Jenkins Openstack Cloud
8.8
CVSSv3
CVE-2019-3683
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access...
Suse Openstack Cloud 8.0
Suse Keystone-json-assignment
Hp Helion Openstack 8.0
7.5
CVSSv3
CVE-2018-12116
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-define...
Nodejs Node.js
Suse Suse Linux Enterprise Server 12
Suse Suse Enterprise Storage 4
Suse Suse Openstack Cloud 7
Suse Suse Openstack Cloud 8
Suse Suse Linux Enterprise Server 15
2 Github repositories
7.5
CVSSv3
CVE-2018-12122
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
Nodejs Node.js
Suse Suse Linux Enterprise Server 12
Suse Suse Enterprise Storage 4
Suse Suse Openstack Cloud 7
Suse Suse Openstack Cloud 8
Suse Suse Linux Enterprise Server 15
1 Github repository
7.5
CVSSv3
CVE-2019-16786
Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard Transfer-Encoding should be a comma separ...
Agendaless Waitress
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
8.2
CVSSv3
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests contain...
Agendaless Waitress
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
7.5
CVSSv3
CVE-2019-16785
Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR."...
Agendaless Waitress
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
8
CVSSv3
CVE-2019-3895
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image an...
Openstack Octavia
Redhat Openstack 12
7.5
CVSSv3
CVE-2015-7546
The identity service in OpenStack Identity (Keystone) prior to 2015.1.3 (Kilo) and 8.0.x prior to 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) prior to 1.5.4 (Kilo) and Liberty prior to 2.3.3 does not properly invalidate authorization tokens when using ...
Openstack Keystonemiddleware
Openstack Keystone
Oracle Solaris 11.3