Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat openstack-cinder vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with th...
Redhat Openstack-cinder
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
7.5
CVSSv3
CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to lea...
Openstack Cinder
Redhat Openstack 10
Redhat Openstack 13
NA
CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.
Openstack Trove
Openstack Cinder
Openstack Nova
Redhat Openstack 5.0
Canonical Ubuntu Linux 14.04
NA
CVE-2014-7231
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove prior to 2013.2.4 and 2014.1 prior to 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.
Openstack Cinder
Openstack Nova
Openstack Trove
Redhat Openstack 5.0
NA
CVE-2013-6491
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo prior to 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote malicious users to obtain sensitive information by sniffing the network.
Redhat Openstack 3.0
Openstack Oslo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started