Openstack@13 Security Vulnerabilities and Issues — Page 2 of Openstack@13 CVE List

Lucene search

RedhatOpenstack13

60 matches found

CVE•added 2018/09/10 7:29 p.m.•75 views

CVE-2018-14635

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outsid...

6.5CVSS6.1AI score0.0042EPSS

CVE•added 2019/03/13 2:29 a.m.•73 views

CVE-2019-9735

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authentic...

6.5CVSS6.1AI score0.02003EPSS

CVE•added 2018/10/19 10:29 p.m.•72 views

CVE-2018-18438

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.

5.5CVSS7.1AI score0.00122EPSS

CVE•added 2019/07/30 5:15 p.m.•72 views

CVE-2019-10141

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspecti...

9.1CVSS8.8AI score0.00901EPSS

CVE•added 2018/07/31 2:29 p.m.•67 views

CVE-2018-14432

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all proje...

5.3CVSS4.8AI score0.012EPSS

CVE•added 2019/03/26 6:29 p.m.•66 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing...

7.5CVSS7.3AI score0.00267EPSS

CVE•added 2017/12/08 3:29 p.m.•64 views

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

10CVSS9.5AI score0.01357EPSS

CVE•added 2018/08/27 5:29 p.m.•61 views

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive i...

7.5CVSS7.2AI score0.00252EPSS

CVE•added 2018/07/30 5:29 p.m.•53 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS

CVE•added 2018/09/10 7:29 p.m.•50 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container ...

9.8CVSS9.4AI score0.00136EPSS

Total number of security vulnerabilities60