Vulnerabilities > Openstack

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-30	CVE-2012-5476	Information Exposure vulnerability in multiple products Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. local low complexity openstack debian CWE-200	5.5
2019-12-30	CVE-2012-5474	Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. local low complexity redhat openstack debian fedoraproject CWE-311	5.5
2019-12-10	CVE-2013-2167	Insufficient Verification of Data Authenticity vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass network low complexity openstack redhat debian CWE-345 critical	9.8
2019-12-10	CVE-2013-2166	Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass network low complexity openstack redhat fedoraproject debian CWE-326 critical	9.8
2019-12-09	CVE-2019-19687	Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. network low complexity openstack CWE-522	8.8
2019-12-05	CVE-2013-0326	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products OpenStack nova base images permissions are world readable local low complexity openstack debian CWE-732	5.5
2019-11-26	CVE-2011-4076	Information Exposure vulnerability in Openstack Nova OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). network high complexity openstack CWE-200	5.9
2019-11-22	CVE-2015-5694	Infinite Loop vulnerability in multiple products Designate does not enforce the DNS protocol limit concerning record set sizes network low complexity openstack redhat debian CWE-835	6.5
2019-11-12	CVE-2012-1572	Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space network low complexity openstack debian CWE-400	7.5
2019-11-01	CVE-2013-2255	Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. network high complexity redhat openstack debian CWE-295	5.9

Vulnerabilities > Openstack {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openstack"}]}

Vulnerabilities > Openstack