Vulnerabilities > Openstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9
2019-08-09 CVE-2019-14433 Information Exposure Through an Error Message vulnerability in multiple products
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2.
network
low complexity
openstack canonical redhat debian CWE-209
6.5
2019-04-05 CVE-2019-10876 An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat
6.5
2019-03-13 CVE-2019-9735 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3.
network
low complexity
openstack redhat debian CWE-755
6.5
2018-12-17 CVE-2018-20170 Information Exposure vulnerability in Openstack Keystone
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request.
network
low complexity
openstack CWE-200
5.3
2018-09-10 CVE-2018-14636 Unspecified vulnerability in Openstack Neutron
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor.
network
high complexity
openstack
5.3
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
2018-07-31 CVE-2016-8611 Unspecified vulnerability in Openstack Glance
A vulnerability was found in Openstack Glance.
network
low complexity
openstack
6.5
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
network
high complexity
debian redhat openstack CWE-200
5.3
2018-07-27 CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5