Vulnerabilities > OpenStack > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-23 | CVE-2021-38598 | Authentication Bypass by Spoofing vulnerability in OpenStack Neutron: OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. | 9.1 |
2020-10-16 | CVE-2020-26943 | Unspecified vulnerability in OpenStack Blazar-Dashboard: An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. | 9.9 |
2019-12-10 | CVE-2013-2167 | Insufficient Verification of Data Authenticity vulnerability in multiple products: python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass. | 9.8 |
2019-12-10 | CVE-2013-2166 | Inadequate Encryption Strength vulnerability in multiple products: python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass. | 9.8 |
2019-08-28 | CVE-2019-15753 | Allocation of Resources Without Limits or Throttling vulnerability in OpenStack Os-Vif 1.15.0/1.15.1/1.16.0: In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. | 9.1 |
2019-07-30 | CVE-2019-10141 | SQL Injection vulnerability in multiple products: A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. | 9.1 |
2019-06-21 | CVE-2016-7404 | Information Exposure vulnerability in OpenStack Magnum: OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. | 9.8 |
2018-01-03 | CVE-2017-18017 | Use After Free vulnerability in multiple products: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | 9.8 |
2017-11-21 | CVE-2017-16613 | Improper Authentication vulnerability in multiple products: An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. | 9.8 |
2017-03-21 | CVE-2017-7214 | Information Exposure Through Log Files vulnerability in OpenStack Nova: An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. | 9.8 |