Lucene search
K
RedhatOpenstack

210 matches found

CVE
CVE
added 2013/09/16 7:0 p.m.67 views

CVE-2013-4180

The CVE-2013-4180 issue affects Foreman prior to 1.2.2, where the HostController’s power and ipmi_boot actions allow remote attackers to trigger a denial-of-service via input converted to a symbol, causing memory consumption. Affected version range is Foreman

5CVSS6.9AI score0.02413EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.67 views

CVE-2014-0040

CVE-2014-0040 affects OpenStack Heat Templates (heat-templates) as used in Red Hat OpenStack Platform 4.0. The root cause is HTTP downloads of packages and signing keys via Yum, enabling MITM attackers to block or tamper updates. Red Hat’s RHSA-2014:0579 fixes this (and related CVEs 0041, 0042) b...

4.3CVSS6.6AI score0.01466EPSS
CVE
CVE
added 2014/10/08 7:0 p.m.67 views

CVE-2014-7230

CVE-2014-7230 affects OpenStack components (oslo-incubator, Cinder, Nova, Trove). The vulnerability arises in processutils.execute where certain commands that trigger a ProcessExecutionError may write passwords to logs, allowing local attackers to read them. Mitigations involve upgrading to upstr...

2.1CVSS6.1AI score0.00469EPSS
CVE
CVE
added 2016/04/15 5:0 p.m.67 views

CVE-2015-5271

CVE-2015-5271 affects TripleO Heat templates: the swiftproxy pipeline does not properly order Keystone before Swift staticweb middleware when staticweb is enabled, potentially allowing remote attackers to obtain sensitive information from private containers via unspecified vectors. This is docume...

7.5CVSS7.1AI score0.02415EPSS
CVE
CVE
added 2018/04/23 9:0 p.m.64 views

CVE-2016-9599

puppet-tripleo vulnerable to an access-control flaw in IPtables rules management prior to versions 5.5.0 and 6.2.0. The issue allows creation of TCP/UDP rules with empty port values, which can be exploited to access unauthorized resources when SSL is enabled. Affected component: puppet-tripleo IP...

7.5CVSS7.5AI score0.00852EPSS
CVE
CVE
added 2019/11/05 2:7 p.m.62 views

CVE-2013-6461

Nokogiri gem versions 1.5.x and 1.6.x are affected by a DoS vulnerability when parsing XML entities due to failing to apply limits. The issue is described across multiple connected sources (SUSE, Ubuntu, Debian security trackers, RubyGems advisories, and NVD). The CVE entry itself lists DoS as th...

6.5CVSS6.4AI score0.02194EPSS
CVE
CVE
added 2016/06/30 4:0 p.m.60 views

CVE-2016-4474

CVE-2016-4474 affects Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) overcloud-full images. The image build process uses a default root password (ROOTPW/rootpw), enabling potential remote root access via unspecified vectors. Red Hat ad...

8.8CVSS8.8AI score0.00846EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.58 views

CVE-2014-0042

CVE-2014-0042 affects OpenStack Heat Templates (heat-templates) as used in Red Hat Enterprise Linux OpenStack Platform 4.0. The issue is that certain heat templates disable GPG signature checking by setting gpgcheck=0, allowing potential MITM-style package tampering during downloads. Red Hat’s RH...

4.3CVSS6.8AI score0.01466EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.53 views

CVE-2015-5329

The CVE-2015-5329 issue affects TripleO Heat templates (tripleo-heat-templates) used with Red Hat Enterprise Linux OpenStack Platform 7.0. The root cause is improper use of RabbitMQ credentials, leading deployed overcloud services to be accessible with default credentials (guest/guest). Descripti...

7.5CVSS7.2AI score0.01517EPSS
CVE
CVE
added 2019/12/10 1:17 p.m.52 views

CVE-2013-1793

CVE-2013-1793 concerns openstack-utils and openstack-db with insecure password creation. The available connected documents confirm the affected components but do not provide remediation details. NVD metrics indicate a Network attack vector with no authentication required, and a high impact on con...

7.5CVSS7.6AI score0.01026EPSS
Total number of security vulnerabilities210