Vulnerabilities > Openstack > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-21 | CVE-2015-1195 | Path Traversal vulnerability in Openstack Image Registry and Delivery Service (Glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. | 6.5 |
| 2015-01-15 | CVE-2014-8153 | Improper Input Validation vulnerability in multiple products The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. | 4.0 |
| 2015-01-07 | CVE-2014-9493 | Permissions, Privileges, and Access Controls vulnerability in multiple products The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | 5.5 |
| 2014-11-03 | CVE-2014-0204 | Improper Privilege Management vulnerability in Openstack Keystone 2014.1 OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | 6.5 |
| 2014-10-31 | CVE-2014-8333 | Resource Management Errors vulnerability in multiple products The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | 4.0 |
| 2014-10-17 | CVE-2014-7960 | Resource Management Errors vulnerability in Openstack Swift OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. | 4.0 |
| 2014-10-15 | CVE-2014-8750 | Race Condition vulnerability in Openstack Nova Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances. | 6.5 |
| 2014-10-02 | CVE-2014-7144 | Cryptographic Issues vulnerability in Openstack Keystonemiddleware and Python-Keystoneclient OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | 4.3 |
| 2014-10-02 | CVE-2014-6414 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | 4.0 |
| 2014-08-25 | CVE-2014-5356 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image. | 4.0 |