Vulnerabilities > Openstack
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-21 | CVE-2017-7200 | Server-Side Request Forgery (SSRF) vulnerability in Openstack Glance An SSRF issue was discovered in OpenStack Glance before Newton. | 5.8 |
| 2017-01-12 | CVE-2016-5737 | Cross-site Scripting vulnerability in Openstack Puppet-Gerrit The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | 6.1 |
| 2016-11-04 | CVE-2016-9185 | Information Exposure vulnerability in Openstack Heat In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. | 4.3 |
| 2016-10-07 | CVE-2015-5162 | Resource Management Errors vulnerability in Openstack Cinder, Glance and Nova The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | 7.5 |
| 2016-09-27 | CVE-2016-7498 | Resource Management Errors vulnerability in Openstack Compute (Nova) 13.0.0 OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | 6.5 |
| 2016-09-26 | CVE-2016-4972 | Improper Input Validation vulnerability in Openstack products OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages. | 9.8 |
| 2016-07-12 | CVE-2016-4428 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. | 5.4 |
| 2016-06-17 | CVE-2016-5363 | 7PK - Security Features vulnerability in Openstack Neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | 8.2 |
| 2016-06-17 | CVE-2016-5362 | 7PK - Security Features vulnerability in Openstack Neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | 8.2 |
| 2016-06-17 | CVE-2015-8914 | 7PK - Security Features vulnerability in Openstack Neutron The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | 9.1 |