Vulnerabilities > Redhat > Openstack
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-20 | CVE-2015-5295 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | 5.4 |
2016-01-08 | CVE-2015-7512 | Classic Buffer Overflow vulnerability in multiple products. Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. | 9.0 |
2015-01-23 | CVE-2014-9623 | Resource Management Errors vulnerability in multiple products. OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 4.0 |
2015-01-07 | CVE-2014-9493 | Permissions, Privileges, and Access Controls vulnerability in multiple products. The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | 5.5 |
2014-10-31 | CVE-2014-8333 | Resource Management Errors vulnerability in multiple products. The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | 4.0 |
2014-10-08 | CVE-2014-7231 | Information Exposure vulnerability in multiple products. The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | 2.1 |
2014-10-08 | CVE-2014-7230 | Information Exposure vulnerability in multiple products. The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. | 2.1 |
2014-08-19 | CVE-2014-4615 | Information Exposure vulnerability in multiple products. The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | 5.0 |
2014-06-02 | CVE-2013-6470 | Improper Authentication vulnerability in Redhat Openstack 4.0. The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | 5.0 |
2014-04-17 | CVE-2014-0071 | Permissions, Privileges, and Access Controls vulnerability in Redhat Openstack 4.0. PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | 6.4 |