Vulnerabilities > Openstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 5.9 |
| 2019-08-09 | CVE-2019-14433 | Information Exposure Through an Error Message vulnerability in multiple products An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. | 6.5 |
| 2019-04-05 | CVE-2019-10876 | An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. | 6.5 |
| 2019-03-13 | CVE-2019-9735 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. | 6.5 |
| 2018-12-17 | CVE-2018-20170 | Information Exposure vulnerability in Openstack Keystone OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. | 5.3 |
| 2018-09-10 | CVE-2018-14636 | Unspecified vulnerability in Openstack Neutron Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. | 5.3 |
| 2018-09-10 | CVE-2018-14635 | Improper Input Validation vulnerability in multiple products When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. | 6.5 |
| 2018-07-31 | CVE-2016-8611 | Resource Exhaustion vulnerability in Openstack Glance A vulnerability was found in Openstack Glance. | 6.5 |
| 2018-07-31 | CVE-2018-14432 | Information Exposure vulnerability in multiple products In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. | 5.3 |
| 2018-07-27 | CVE-2017-2621 | Files or Directories Accessible to External Parties vulnerability in multiple products An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |