Vulnerabilities (CVE)

Vendor filter

Openstack Subscribe

Filter

203 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3830 2 Openstack, Redhat 2 Ceilometer, Openstack 2019-10-09 4.0
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.
CVE-2018-14636 1 Openstack 1 Neutron 2019-10-09 3.5
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down...
CVE-2018-14635 2 Openstack, Redhat 2 Neutron, Openstack 2019-10-09 4.0
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with...
CVE-2018-10898 2 Openstack, Redhat 2 Tripleo Heat Templates, Openstack 2019-10-09 5.8
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
CVE-2017-7543 2 Redhat, Openstack 2 Openstack, Neutron 2019-10-09 4.3
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically,...
CVE-2017-2627 2 Openstack, Redhat 2 Tripleo-common, Openstack 2019-10-09 7.2
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user...
CVE-2017-2621 2 Openstack, Redhat 2 Heat, Openstack 2019-10-09 2.1
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2017-2592 2 Openstack, Canonical 2 Oslo.middleware, Ubuntu Linux 2019-10-09 2.1
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to...
CVE-2017-15139 2 Openstack, Redhat 2 Cinder, Openstack 2019-10-09 5.0
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and...
CVE-2016-9599 2 Openstack, Redhat 2 Puppet-tripleo, Openstack 2019-10-09 6.0
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open...
CVE-2016-9590 2 Redhat, Openstack 2 Openstack, Puppet-swift 2019-10-09 4.0
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service...
CVE-2016-8611 1 Openstack 1 Glance 2019-10-09 4.0
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
CVE-2011-3147 1 Openstack 1 Nova 2019-10-09 5.0
Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.
CVE-2017-18191 2 Openstack, Redhat 2 Nova, Openstack 2019-10-03 7.8
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of...
CVE-2017-17051 1 Openstack 1 Nova 2019-10-03 4.0
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka...
CVE-2017-16239 1 Openstack 1 Nova 2019-10-03 4.0
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or...
CVE-2017-5936 2 Openstack, Canonical 2 Ubuntu Linux, Nova-lxd 2019-10-03 5.0
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.
CVE-2017-12440 1 Openstack 1 Openstack 2019-10-03 6.0
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows...
CVE-2017-1000366 9 Gnu, Redhat, Suse and 6 more 24 Glibc, Enterprise Linux, Linux Enterprise Server For Raspberry Pi and 21 more 2019-09-04 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been...
CVE-2019-15753 1 Openstack 1 Os-vif 2019-09-04 6.4
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users...