Openstack@13 Security Vulnerabilities and Issues — Page 2 of Openstack@13 CVE List

Lucene search

RedhatOpenstack13

60 matches found

CVE•added 2019/03/13 2:29 a.m.•78 views

CVE-2019-9735

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authentic...

6.5CVSS6.1AI score0.02003EPSS

CVE•added 2023/03/06 11:15 p.m.•78 views

CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

2.8CVSS3.6AI score0.00091EPSS

CVE•added 2019/07/30 5:15 p.m.•77 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspecti...

9.1CVSS8.8AI score0.00901EPSS

CVE•added 2018/10/19 10:29 p.m.•76 views

CVE-2018-18438

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

5.5CVSS7.1AI score0.00115EPSS

CVE•added 2018/07/31 2:29 p.m.•72 views

CVE-2018-14432

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all proje...

5.3CVSS4.8AI score0.012EPSS

CVE•added 2019/03/26 6:29 p.m.•72 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing...

7.5CVSS7.3AI score0.00267EPSS

CVE•added 2017/12/08 3:29 p.m.•68 views

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

10CVSS9.5AI score0.01357EPSS

CVE•added 2018/08/27 5:29 p.m.•68 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive i...

7.5CVSS7.2AI score0.00242EPSS

CVE•added 2018/09/10 7:29 p.m.•56 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container ...

9.8CVSS9.4AI score0.00131EPSS

CVE•added 2018/07/30 5:29 p.m.•54 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS

Total number of security vulnerabilities60