Search Results (272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7404 | 1 Openstack | 1 Magnum | 2024-11-21 | N/A |
| OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access and can be used to perform any API operation the user is authorized to perform. | ||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 3.3 Low |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | ||||
| CVE-2015-5694 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Designate, Enterprise Linux Openstack Platform | 2024-11-21 | 6.5 Medium |
| Designate does not enforce the DNS protocol limit concerning record set sizes | ||||
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-11-21 | 5.9 Medium |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | ||||
| CVE-2013-2167 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Python-keystoneclient, Openstack | 2024-11-21 | 9.8 Critical |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | ||||
| CVE-2013-2166 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Python-keystoneclient and 1 more | 2024-11-21 | 9.8 Critical |
| python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | ||||
| CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 5.5 Medium |
| OpenStack nova base images permissions are world readable | ||||
| CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-11-21 | 5.5 Medium |
| Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | ||||
| CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 5.5 Medium |
| The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | ||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2024-11-21 | 7.5 High |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | ||||
| CVE-2011-4076 | 1 Openstack | 1 Nova | 2024-11-21 | 5.9 Medium |
| OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY. | ||||
| CVE-2011-3147 | 1 Openstack | 1 Nova | 2024-11-21 | 8.6 High |
| Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem. | ||||