Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2019-12-05 CVE-2013-0326 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
OpenStack nova base images permissions are world readable
local
low complexity
openstack debian CWE-732
2.1
2.1
2019-11-26 CVE-2011-4076 Information Exposure vulnerability in Openstack Nova
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password).
network
openstack CWE-200
4.3
4.3
2019-11-22 CVE-2015-5694 Infinite Loop vulnerability in multiple products
Designate does not enforce the DNS protocol limit concerning record set sizes
network
low complexity
openstack redhat debian CWE-835
4.0
4.0
2019-11-12 CVE-2012-1572 Resource Exhaustion vulnerability in multiple products
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
network
low complexity
openstack debian CWE-400
5.0
5.0
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. 		4.3
4.3
2019-08-28 CVE-2019-15753 Allocation of Resources Without Limits or Throttling vulnerability in Openstack Os-Vif 1.15.0/1.15.1/1.16.0
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network.
network
low complexity
openstack CWE-770
6.4
6.4
2019-08-09 CVE-2019-14433 Information Exposure Through an Error Message vulnerability in multiple products
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2.
network
low complexity
openstack canonical redhat debian CWE-209
6.5
6.5
2019-07-30 CVE-2019-10141 SQL Injection vulnerability in multiple products
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1.
network
low complexity
openstack redhat CWE-89
6.4
6.4
2019-06-21 CVE-2016-7404 Information Exposure vulnerability in Openstack Magnum
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances.
network
low complexity
openstack CWE-200
7.5
7.5
2019-06-03 CVE-2019-3895 An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director.
network
openstack redhat
6.8
6.8