Lucene search
+L

7044 matches found

pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Compute (Nova) does not verify the virtual size of a QCOW2 image

OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...

6.9CVSS5.9AI score0.00383EPSS
Exploits0References12Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

OpenStack Nova Router metadata queries are not restricted by tenant

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5CVSS6AI score0.01837EPSS
Exploits1References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Identity Keystone Privilege Escalation vulnerability

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

3.3CVSS6AI score0.00444EPSS
Exploits1References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

SOAPpy vulnerable to XML External Entity attacks

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

5CVSS5.9AI score0.01797EPSS
Exploits2References9Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

SOAPpy vulnerable to XXE attacks

SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted SOAP request containing a large number of nested entity references...

5CVSS6AI score0.02658EPSS
Exploits1References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Swift allows authenticated users to cause a denial of service

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with a timestamp that is older than expected...

4CVSS6AI score0.01661EPSS
Exploits1References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Tryton Directory Traversal vulnerability

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...

8.7CVSS6.1AI score0.02137EPSS
Exploits1References9Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Nova uses insecure keystone middleware tmpdir by default

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

4.3CVSS5.9AI score0.00238EPSS
Exploits0References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Neutron Improper Authentication vulnerability

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

2.1CVSS6.1AI score0.01433EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

6CVSS6.2AI score0.01992EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image

OpenStack Compute Nova Folsom, Grizzly, and Havana, when usecowimages is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by transferring an image with a large virtual size that does not contai...

1.9CVSS6AI score0.00438EPSS
Exploits1References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

6.1CVSS6.4AI score0.00957EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/...

5.5CVSS6AI score0.02035EPSS
Exploits0References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

Web2py Reflected XSS vulnerability

Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user admin...

4.8CVSS6.3AI score0.0228EPSS
Exploits5References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Glance improper validation of the image_size_cap configuration option

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

4CVSS6AI score0.02127EPSS
Exploits0References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Glance Bypass the storage quota and Denial of service

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...

4CVSS6AI score0.02844EPSS
Exploits1References16Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Image Service (Glance) vulnerable to Improper Access Control

OpenStack Image Service Glance before 2015.1.3 kilo and 11.0.x before 11.0.2 liberty, when showmultiplelocations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image...

4.3CVSS6AI score0.01466EPSS
Exploits0References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.3 views

OpenStack Swift Cross-site Scriping vulnerability

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

4.3CVSS6.1AI score0.02083EPSS
Exploits0References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Neutron Intended MAC-spoofing protection mechanism bypass

The IPTables firewall in OpenStack Neutron up to 7.0.4 and 8.x before 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via 1 a crafted DHCP discovery message or 2 crafted non-IP traffic...

8.2CVSS6.9AI score0.0324EPSS
Exploits0References17Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

OpenStack Nova denial of service through compressed disk images

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

2.1CVSS5.9AI score0.00368EPSS
Exploits0References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service

OpenStack Object Storage Swift before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service proxy-server resource consumption via a series of interrupted requests to a Large Object URL...

7.5CVSS7.1AI score0.03788EPSS
Exploits0References17Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.7 views

OpenStack Neutron Race condition vulnerability

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5CVSS7.1AI score0.00963EPSS
Exploits0References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

4CVSS6AI score0.0186EPSS
Exploits0References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service

OpenStack Object Storage Swift before 2.3.1 Kilo, 2.4.x, and 2.5.x before 2.5.1 Liberty do not properly close server connections, which allows remote attackers to cause a denial of service proxy-server resource consumption via a series of interrupted requests to a Large Object URL...

7.5CVSS7.1AI score0.0382EPSS
Exploits0References20Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Web2py Cross-Site Request Forgery vulnerability

Web2py versions 2.14.5 and below was affected by CSRF Cross Site Request Forgery vulnerability, which allows an attacker to trick a logged-in administrator into performing unwanted actions i.e An attacker can trick a victim into disable the installed application just by visiting a URL...

8.8CVSS7.2AI score0.01741EPSS
Exploits5References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Cobbler vulnerable to code injection via unsafe YAML loading

The setmgmtparameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safeload function, as demonstrated using Puppet...

6.8CVSS7.2AI score0.02174EPSS
Exploits0References8Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Cinder file disclosure in image convert

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

6.8CVSS6.1AI score0.02618EPSS
Exploits0References16Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests

The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for 1 addrules, 2 removerules, 3 destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...

7.7CVSS6AI score0.01647EPSS
Exploits1References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.6 views

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

7.8CVSS6.8AI score0.03062EPSS
Exploits1References17Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

5.8CVSS6.4AI score0.02034EPSS
Exploits0References9Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS7.2AI score0.0122EPSS
Exploits0References6Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Object Storage (Swift) Sensitive Data Exposure

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS7AI score0.02583EPSS
Exploits0References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

Matrix Synapse DoS

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 263 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

7.5CVSS7.1AI score0.0151EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Heat template URL information leakage

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...

3.5CVSS6AI score0.0162EPSS
Exploits0References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Loggerhead XSS via filename

Cross-site scripting XSS vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view...

3.5CVSS6.1AI score0.01814EPSS
Exploits0References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

ocrodjvu is vulnerable to Arbitrary File Modification via symlink attack

ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine...

6.2CVSS6AI score0.00314EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Openstack DBaaS (Trove) Improper Link Resolution Before File Access

The writeconfig function in trove/guestagent/datastore/experimental/mongodb/service.py, resetconfiguration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, writeconfig function in trove/guestagent/datastore/experimental/redis/service.py, writemycnf function in...

5.5CVSS6.1AI score0.00459EPSS
Exploits0References16Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.7 views

OpenStack Horizon Cross-site Scripting (XSS)

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...

4.8CVSS6.4AI score0.01054EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Swift metadata constraints are not correctly enforced

OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...

4CVSS6AI score0.03023EPSS
Exploits0References18Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Swift Unauthorized delete of versioned Swift object

OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

5.5CVSS6.7AI score0.03949EPSS
Exploits0References19Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability

The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...

9CVSS6.3AI score0.02145EPSS
Exploits0References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles

OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

4CVSS6AI score0.01881EPSS
Exploits0References14Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

eyeD3 is vulnerable to arbitrary file modification via symlink attack

tag.py in eyeD3 aka python-eyed3 0.7.5 and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file...

4.5CVSS6AI score0.0034EPSS
Exploits0References9Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Nova Denial of Service in network source security groups

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

4CVSS6AI score0.02087EPSS
Exploits1References10Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

Cobbler Path Traversal vulnerability

Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile...

4CVSS7.3AI score0.08809EPSS
Exploits2References15Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Neutron allows remote attackers to bypass an intended DHCP-spoofing protection mechanism

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message...

8.2CVSS6.9AI score0.03411EPSS
Exploits0References13Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Nova Multiple directory traversal vulnerabilities

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted 1 tarball or 2 manifest...

6CVSS6.1AI score0.01941EPSS
Exploits0References9Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.4 views

OpenStack Nova Long server names grow nova-api log files significantly

OpenStack Compute Nova Essex before 2011.3 allows remote authenticated users to cause a denial of service Nova-API log file and disk consumption via a long server name...

4CVSS6AI score0.02073EPSS
Exploits1References11Affected Software1
pypa
pypa
added 2026/07/06 8:3 a.m.5 views

OpenStack Compute (Nova) Exposure of Sensitive Information to an Unauthorized Actor vulnerability

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

4.3CVSS6AI score0.01938EPSS
Exploits0References10Affected Software1
Total number of security vulnerabilities7044