Vulnerabilities > OpenStack
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-04-21 | CVE-2016-6519 | Cross-site Scripting vulnerability in multiple products | Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | 5.4 |
2017-04-12 | CVE-2017-5936 | Security Bypass vulnerability in OpenStack Nova-LXD | OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | 5.0 |
2017-04-03 | CVE-2017-7400 | Cross-site Scripting vulnerability in OpenStack Horizon | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | 3.5 |
2017-03-29 | CVE-2015-8234 | Cryptographic Issues vulnerability in OpenStack Glance 11.0.0 | The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision. | 4.3 |
2017-03-21 | CVE-2017-7214 | Information Exposure Through Log Files vulnerability in OpenStack Nova | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. | 5.0 |
2017-03-21 | CVE-2017-7200 | Server-Side Request Forgery (SSRF) vulnerability in OpenStack Glance | An SSRF issue was discovered in OpenStack Glance before Newton. | 5.0 |
2017-01-12 | CVE-2016-5737 | Cross-site Scripting vulnerability in OpenStack Puppet-Gerrit | The Gerrit configuration in the OpenStack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. | 4.3 |
2016-11-04 | CVE-2016-9185 | Information Exposure vulnerability in OpenStack Heat | In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. | 4.0 |
2016-10-07 | CVE-2015-5162 | Resource Management Errors vulnerability in OpenStack Cinder, Glance and Nova | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image. | 7.5 |
2016-09-27 | CVE-2016-7498 | Resource Management Errors vulnerability in OpenStack Compute (Nova) 13.0.0 | OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. | 6.5 |