7754 matches found

RedhatCVE
added 2017/02/14 10:48 p.m. | 15 views

CVE-2017-2621

An access-control flaw was found in the OpenStack Orchestration heat service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVSS 2.1 | AI score 1.3 | EPSS 0.00072
Exploits: 0 | References: 1
RedhatCVE
added 2017/02/14 10:48 p.m. | 24 views

CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVSS 5.9 | AI score 3.5 | EPSS 0.00044
Exploits: 0 | References: 1
RedhatCVE
added 2017/02/14 10:18 p.m. | 32 views

CVE-2017-2627

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...

CVSS 8.2 | AI score 2.3 | EPSS 0.00074
Exploits: 0 | References: 1
CNVD
added 2017/02/14 12:0 a.m. | 2 views

OpenStack oslo.middleware Information Disclosure Vulnerability

OpenStack is a cloud platform management project. OpenStack oslo.middleware is one of the middleware used in wsgi pipelines to intercept request or response flows. A security vulnerability in OpenStack oslo.middleware allows remote attackers to submit special requests to obtain sensitive...

CVSS 5.9 | AI score 6.8 | EPSS 0.00093
Exploits: 0 | References: 1
UbuntuCve
added 2017/02/08 12:0 a.m. | 28 views

CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...

CVSS 7.5 | AI score 7.1 | EPSS 0.02467
Exploits: 0 | References: 2
OSV
added 2017/02/08 12:0 a.m. | 0 views

UBUNTU-CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...

CVSS 7.5 | AI score 7.1 | EPSS 0.02467
Exploits: 0 | References: 3
RedhatCVE
added 2017/01/30 11:48 a.m. | 18 views

CVE-2017-2592

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs for example, keystone tokens...

CVSS 5.9 | AI score 2.8 | EPSS 0.00093
Exploits: 0 | References: 1
RedHat Linux
added 2017/01/26 4:41 p.m. | 3 views

puppet-swift: installs config file with world readable permissions

An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage swift. During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 4
RedHat Linux
added 2017/01/26 4:41 p.m. | 57 views

Moderate: Red Hat Security Advisory: puppet-swift security update

An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.5 | EPSS 0.00281
Exploits: 0 | References: 2
RedHat Linux
added 2017/01/19 1:22 p.m. | 1 views

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...

CVSS 7.8 | AI score 5.7 | EPSS 0.0361
Exploits: 1 | References: 4
RedHat Linux
added 2017/01/19 1:22 p.m. | 37 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.8 | AI score 6.6 | EPSS 0.0361
Exploits: 1 | References: 2
RedHat Linux
added 2017/01/19 1:20 p.m. | 1 views

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...

CVSS 7.8 | AI score 5.7 | EPSS 0.0361
Exploits: 1 | References: 4
RedHat Linux
added 2017/01/19 1:20 p.m. | 40 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 7.8 | AI score 6.6 | EPSS 0.0361
Exploits: 1 | References: 2
RedHat Linux
added 2017/01/19 1:19 p.m. | 36 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...

CVSS 7.8 | AI score 6.6 | EPSS 0.0361
Exploits: 1 | References: 4
RedHat Linux
added 2017/01/19 1:19 p.m. | 0 views

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute nova, Block Storage cinder, and Image glance services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could lead possibly to host...

CVSS 7.8 | AI score 5.7 | EPSS 0.0361
Exploits: 1 | References: 4
CNVD
added 2017/01/18 12:0 a.m. | 1 views

OpenStack Swift Information Disclosure Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. Swift a.k.a. Object Storage is one of these programs for storing permanent static data Storage project. A remote information disclosure...

CVSS 6.5 | AI score 6.3 | EPSS 0.00281
Exploits: 0 | References: 1
NVD
added 2017/01/12 11:59 p.m. | 15 views

CVE-2016-5737

The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...

CVSS 6.1 | AI score 6 | EPSS 0.00309
Exploits: 0 | References: 3
OSV
added 2017/01/12 11:59 p.m. | 15 views

CVE-2016-5737

The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3
Prion
added 2017/01/12 11:59 p.m. | 17 views

Cross site scripting

The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...

CVSS 4.3 | AI score 6.1 | EPSS 0.00309
Exploits: 0 | References: 3
CVE
added 2017/01/12 11:0 p.m. | 48 views

CVE-2016-5737

The CVE-2016-5737 entry describes a vulnerability in the OpenStack puppet-gerrit module (OpenStack-infra). The root cause is that Gerrit configuration improperly marks text/html as a safe mimetype, which could allow remote attackers to perform cross-site scripting (XSS) via a crafted review. The ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 3 | Affected Software: 1