Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2018-05-08 CVE-2017-2592 Information Exposure Through Log Files vulnerability in multiple products
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure.
local
low complexity
openstack canonical CWE-532
5.5
2018-04-26 CVE-2016-9590 Information Exposure vulnerability in multiple products
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift).
network
low complexity
openstack redhat CWE-200
6.5
2018-04-24 CVE-2016-9599 Improper Access Control vulnerability in multiple products
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values.
network
high complexity
openstack redhat CWE-284
7.5
2018-02-19 CVE-2017-18191 An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1.
network
low complexity
openstack redhat
7.5
2018-01-03 CVE-2017-18017 Use After Free vulnerability in multiple products
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
network
low complexity
linux debian arista f5 suse opensuse openstack canonical redhat CWE-416
critical
9.8
2017-12-05 CVE-2017-17051 Resource Exhaustion vulnerability in Openstack Nova 16.0.3
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3.
network
low complexity
openstack CWE-400
8.6
2017-11-21 CVE-2017-16613 Improper Authentication vulnerability in multiple products
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1.
network
low complexity
openstack debian CWE-287
critical
9.8
2017-11-14 CVE-2017-16239 Unspecified vulnerability in Openstack Nova
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter).
network
low complexity
openstack
6.5
2017-09-21 CVE-2017-7549 Unspecified vulnerability in Openstack Instack-Undercloud 5.3.0/6.1.0/7.2.0
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files.
local
high complexity
openstack
6.4
2017-08-31 CVE-2015-5695 Resource Exhaustion vulnerability in Openstack Designate 1.0.0.0B1/1.0.0A0/2015.1.0
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
network
low complexity
openstack CWE-400
6.5