Vulnerabilities > Redhat > Openstack > 3.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-12-10 | CVE-2013-2167 | Insufficient Verification of Data Authenticity vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | 9.8 |
2019-12-10 | CVE-2013-2166 | Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | 9.8 |
2019-12-10 | CVE-2013-1793 | Missing Authentication for Critical Function vulnerability in Redhat Openstack and Openstack Essex openstack-utils openstack-db has insecure password creation | 5.0 |
2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 4.3 |
2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 4.3 |
2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |
2014-02-06 | CVE-2013-6393 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | 6.8 |
2014-02-02 | CVE-2013-6491 | Cryptographic Issues vulnerability in multiple products The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |
2013-10-29 | CVE-2013-4261 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | 3.5 |
2013-10-29 | CVE-2013-4185 | Cryptographic Issues vulnerability in multiple products Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | 4.0 |