Vulnerabilities > Openstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-13 | CVE-2015-8466 | Improper Input Validation vulnerability in multiple products Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | 5.8 |
| 2015-10-26 | CVE-2015-5223 | Information Exposure vulnerability in Openstack Swift OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | 5.0 |
| 2015-08-20 | CVE-2015-3219 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. | 4.3 |
| 2015-08-14 | CVE-2015-3289 | Resource Management Errors vulnerability in Openstack Glance OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them. | 4.0 |
| 2015-06-25 | CVE-2015-1851 | Information Exposure vulnerability in multiple products OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. | 6.8 |
| 2015-05-12 | CVE-2015-3646 | Information Exposure vulnerability in multiple products OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | 4.0 |
| 2015-04-17 | CVE-2015-1856 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | 5.5 |
| 2015-02-24 | CVE-2015-1881 | Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. | 4.0 |
| 2015-02-24 | CVE-2014-9684 | Resource Management Errors vulnerability in Openstack Image Registry and Delivery Service (Glance) 2014.2/2014.2.1/2014.2.2 OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. | 4.0 |
| 2015-01-23 | CVE-2014-9623 | Resource Management Errors vulnerability in multiple products OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 4.0 |