Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RedhatOpenstack

210 matches found

CVE
CVEadded 2014/06/02 3:55 p.m.54 views

CVE-2014-0040

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS
CVE
CVEadded 2018/07/30 5:29 p.m.54 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.51 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS
CVE
CVEadded 2018/04/24 1:29 a.m.50 views

CVE-2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

7.5CVSS7.5AI score0.00189EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.49 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

5CVSS7.3AI score0.0028EPSS
CVE
CVEadded 2016/06/30 4:59 p.m.49 views

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

8.8CVSS8.8AI score0.00108EPSS
CVE
CVEadded 2019/11/05 3:15 p.m.48 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.44 views

CVE-2014-0042

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

4.3CVSS6.8AI score0.00263EPSS
CVE
CVEadded 2016/04/11 9:59 p.m.40 views

CVE-2015-5329

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the def...

7.5CVSS7.2AI score0.00447EPSS
CVE
CVEadded 2019/12/10 2:15 p.m.39 views

CVE-2013-1793

openstack-utils openstack-db has insecure password creation

7.5CVSS7.6AI score0.00277EPSS
Total number of security vulnerabilities210