Vulnerabilities > Openstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-31 | CVE-2021-40085 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. | 4.0 |
| 2021-06-02 | CVE-2017-8761 | Information Exposure vulnerability in Openstack Swift In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. | 4.0 |
| 2020-12-04 | CVE-2020-29565 | Open Redirect vulnerability in multiple products An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. | 5.8 |
| 2020-08-26 | CVE-2020-17376 | XXE vulnerability in Openstack Nova An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. | 6.5 |
| 2020-05-07 | CVE-2020-12692 | Authentication Bypass by Capture-replay vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 5.5 |
| 2020-03-12 | CVE-2020-9543 | Incorrect Default Permissions vulnerability in Openstack Manila OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. | 6.5 |
| 2019-11-26 | CVE-2011-4076 | Information Exposure vulnerability in Openstack Nova OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). | 4.3 |
| 2019-11-22 | CVE-2015-5694 | Infinite Loop vulnerability in multiple products Designate does not enforce the DNS protocol limit concerning record set sizes | 4.0 |
| 2019-11-12 | CVE-2012-1572 | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 5.0 |
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |