Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Compute nova 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service...

Denial Of Service (DoS)

openstack-neutron is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Neutron before 2014.2.4 juno and 2015.1.x before 2015.1.1 kilo, when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service L2 agent crash by adding ...

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the descriptio...

Authorization Bypass

openstack-swift is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the...

Arbitrary File Read

openstack-glance is vulnerable to arbitrary file read. A flaw was found in the OpenStack Image Service glance import task action. When processing a malicious qcow2 header, glance could be tricked into reading an arbitrary file from the glance host. Only setups using the glance V2 API are affected...

Denial Of Service (DoS)

openstack-glance is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by...

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service. The VM instances performed look-ups based on an IP address filter that is not properly processed, allowing an attacker with sufficient privileges in the OpenStack installation with a large amount of VMs to cause excessive CPU consumption in the...

Session Hijacking

openstack-nova is vulnerable to session hijacking attacks. The vulnerability exists as OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users f...

Authorization Bypass

openstack-swift is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...

Denial Of Service (DoS)

openstack-glance is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the...

Arbitrary Code Execution

openstack-puppet-modules is vulnerable to arbitrary code execution. A known default password is configured in the pcsd daemon, allowing an attacker to gain access to the daemon and execute arbitrary shell commands as root...

Arbitrary File Read

redhat-access-plugin-openstack is vulnerable to arbitrary file read. The vulnerability exists as the log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard horizon allows remote attackers to read arbitrary files via a crafted path...

Arbitrary File Read

openstack-glance is vulnerable to arbitrary file read attacks. The vulnerability exists as the V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the...

Denial Of Service (DoS)

openstack-neutron is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service crash via a crafted dnsnameservers value in the DNS configuration...

Information Disclosure

openstack-trove is vulnerable to information disclosure attacks. The vulnerability exists as the processutils.execute function in OpenStack Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

Information Disclosure

openstack-cinder is vulnerable to information disclosure attacks. The vulnerability exists as the 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a...

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as the VMWare driver in OpenStack Compute Nova before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service resource consumption by putting the VM into the rescue...

Information Disclosure

openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as the catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint,...

Privilege Escalation

openstack-neutron is vulnerable to privilege escalation attacks. The vulnerability exists as it was discovered that unprivileged users could in some cases reset admin-only network attributes to their default values. This could lead to unexpected behavior or in some cases result in a denial of...

Denial Of Service (DoS)

openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as the V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same...