Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
RedhatOpenstack4.0

18 matches found

CVE
CVEadded 2015/05/13 6:59 p.m.243 views

CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified...

7.7CVSS7.5AI score0.28587EPSS
CVE
CVEadded 2020/02/19 3:15 p.m.195 views

CVE-2012-6685

Nokogiri before 1.5.4 is vulnerable to XXE attacks

7.5CVSS7.3AI score0.00323EPSS
CVE
CVEadded 2019/11/01 7:15 p.m.169 views

CVE-2013-2255

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

5.9CVSS5.7AI score0.00414EPSS
CVE
CVEadded 2014/02/06 10:55 p.m.89 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

6.8CVSS5.4AI score0.08342EPSS
CVE
CVEadded 2014/10/02 2:55 p.m.60 views

CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

4CVSS5.8AI score0.00426EPSS
CVE
CVEadded 2019/11/05 3:15 p.m.57 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS
CVE
CVEadded 2015/03/09 2:59 p.m.57 views

CVE-2014-3691

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

7.5CVSS7.6AI score0.00351EPSS
CVE
CVEadded 2015/01/07 7:59 p.m.55 views

CVE-2014-9493

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

5.5CVSS6.2AI score0.00979EPSS
CVE
CVEadded 2014/11/24 3:59 p.m.53 views

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

4CVSS6.1AI score0.0214EPSS
CVE
CVEadded 2013/12/14 5:21 p.m.52 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS6.6AI score0.00495EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.51 views

CVE-2014-0040

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS
CVE
CVEadded 2014/04/17 2:55 p.m.51 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

6.4CVSS6.9AI score0.00169EPSS
CVE
CVEadded 2014/08/19 6:55 p.m.50 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/m...

5CVSS5.9AI score0.0075EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.49 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS
CVE
CVEadded 2019/11/05 3:15 p.m.47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.45 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

5CVSS7.3AI score0.0028EPSS
CVE
CVEadded 2014/06/02 3:55 p.m.42 views

CVE-2014-0042

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

4.3CVSS6.8AI score0.00263EPSS
CVE
CVEadded 2019/12/10 2:15 p.m.38 views

CVE-2013-1793

openstack-utils openstack-db has insecure password creation

7.5CVSS7.6AI score0.00277EPSS