Openstack Security Vulnerabilities and Issues — Openstack CVE List

Lucene search

RedhatOpenstack

12 matches found

CVE•added 2013/07/31 1:20 p.m.•76 views

CVE-2013-2882

Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

7.5CVSS9.3AI score0.01386EPSS

CVE•added 2013/09/30 10:55 p.m.•69 views

CVE-2013-4222

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

6.5CVSS6.1AI score0.0058EPSS

CVE•added 2013/11/23 5:55 p.m.•65 views

CVE-2013-2029

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/.

6.3CVSS6.4AI score0.00036EPSS

CVE•added 2013/10/29 10:55 p.m.•58 views

CVE-2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send...

3.5CVSS6.4AI score0.00622EPSS

CVE•added 2013/07/31 1:20 p.m.•52 views

CVE-2013-2113

The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role.

6CVSS6.7AI score0.32418EPSS

CVE•added 2013/10/29 10:55 p.m.•52 views

CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of se...

4CVSS6.1AI score0.00372EPSS

CVE•added 2013/11/20 2:12 p.m.•52 views

CVE-2013-4386

Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.

7.5CVSS8.8AI score0.00354EPSS

CVE•added 2013/12/14 5:21 p.m.•52 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS6.6AI score0.00495EPSS

CVE•added 2013/11/23 5:55 p.m.•51 views

CVE-2013-4214

rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.

6.3CVSS8.2AI score0.00056EPSS

CVE•added 2013/07/31 1:20 p.m.•48 views

CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.

6CVSS7.5AI score0.4565EPSS

CVE•added 2013/09/16 7:14 p.m.•48 views

CVE-2013-4182

app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.

7.5CVSS6.9AI score0.00712EPSS

CVE•added 2013/09/16 7:14 p.m.•44 views

CVE-2013-4180

The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.

5CVSS6.9AI score0.00535EPSS