Vulnerabilities > Openstack
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-05 | CVE-2013-0326 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products OpenStack nova base images permissions are world readable | 2.1 |
2019-11-26 | CVE-2011-4076 | Information Exposure vulnerability in Openstack Nova OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). | 4.3 |
2019-11-22 | CVE-2015-5694 | Infinite Loop vulnerability in multiple products Designate does not enforce the DNS protocol limit concerning record set sizes | 4.0 |
2019-11-12 | CVE-2012-1572 | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 5.0 |
2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |
2019-08-28 | CVE-2019-15753 | Allocation of Resources Without Limits or Throttling vulnerability in Openstack Os-Vif 1.15.0/1.15.1/1.16.0 In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. | 6.4 |
2019-08-09 | CVE-2019-14433 | Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. | 6.5 |
2019-07-30 | CVE-2019-10141 | SQL Injection vulnerability in multiple products A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. | 6.4 |
2019-06-21 | CVE-2016-7404 | Information Exposure vulnerability in Openstack Magnum OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. | 7.5 |
2019-06-03 | CVE-2019-3895 | An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. | 6.8 |