Openstack@4.0 Security Vulnerabilities and Issues — Openstack@4.0 CVE List

Lucene search

RedhatOpenstack4.0

9 matches found

CVE•added 2014/02/06 10:55 p.m.•89 views

CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

6.8CVSS5.4AI score0.08342EPSS

CVE•added 2014/10/02 2:55 p.m.•60 views

CVE-2014-3621

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

4CVSS5.8AI score0.00426EPSS

CVE•added 2014/11/24 3:59 p.m.•53 views

CVE-2014-7821

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

4CVSS6.1AI score0.0214EPSS

CVE•added 2014/06/02 3:55 p.m.•51 views

CVE-2014-0040

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2014/04/17 2:55 p.m.•51 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

6.4CVSS6.9AI score0.00169EPSS

CVE•added 2014/08/19 6:55 p.m.•50 views

CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/m...

5CVSS5.9AI score0.0075EPSS

CVE•added 2014/06/02 3:55 p.m.•49 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2014/06/02 3:55 p.m.•45 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

5CVSS7.3AI score0.0028EPSS

CVE•added 2014/06/02 3:55 p.m.•42 views

CVE-2014-0042

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

4.3CVSS6.8AI score0.00263EPSS