Openstack Security Vulnerabilities and Issues — Page 5 of Openstack CVE List

Lucene search

RedhatOpenstack

210 matches found

CVE•added 2014/10/08 7:55 p.m.•52 views

CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

2.1CVSS6.1AI score0.00123EPSS

CVE•added 2014/06/02 3:55 p.m.•51 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2014/10/08 7:55 p.m.•51 views

CVE-2014-7231

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

2.1CVSS6.1AI score0.00157EPSS

CVE•added 2018/04/24 1:29 a.m.•49 views

CVE-2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

7.5CVSS7.5AI score0.00189EPSS

CVE•added 2019/11/05 3:15 p.m.•48 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS

CVE•added 2016/06/30 4:59 p.m.•48 views

CVE-2016-4474

The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

8.8CVSS8.8AI score0.00108EPSS

CVE•added 2014/06/02 3:55 p.m.•47 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

5CVSS7.3AI score0.0028EPSS

CVE•added 2014/06/02 3:55 p.m.•44 views

CVE-2014-0042

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

4.3CVSS6.8AI score0.00263EPSS

CVE•added 2016/04/11 9:59 p.m.•40 views

CVE-2015-5329

The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the def...

7.5CVSS7.2AI score0.00447EPSS

CVE•added 2019/12/10 2:15 p.m.•39 views

CVE-2013-1793

openstack-utils openstack-db has insecure password creation

7.5CVSS7.6AI score0.00277EPSS

Total number of security vulnerabilities210