OpenStack vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2019-03-13 CVE-2019-9735 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat debian CWE-755
6.5
2018-12-17 CVE-2018-20170 Information Exposure vulnerability in OpenStack Keystone
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request.
network
low complexity
openstack CWE-200
5.3
2018-09-10 CVE-2018-14636 Unspecified vulnerability in OpenStack Neutron
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor.
network
high complexity
openstack
5.3
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
2018-08-27 CVE-2017-15139 Information Exposure vulnerability in multiple products
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data.
network
low complexity
openstack redhat CWE-200
7.5
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
2018-07-31 CVE-2016-8611 Unspecified vulnerability in OpenStack Glance
A vulnerability was found in OpenStack Glance.
network
low complexity
openstack
6.5
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
network
high complexity
debian redhat openstack CWE-200
5.3
2018-07-30 CVE-2018-10898 Use of Hard-coded Credentials vulnerability in multiple products
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40.
low complexity
redhat openstack CWE-798
8.8
2018-07-27 CVE-2017-2621
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5