Search Results
- CPE Product Version: cpe:/a:redhat:openstack:5.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3209 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. Published: June 15, 2015; 11:59:00 AM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2015-3456 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Published: May 13, 2015; 2:59:00 PM -0400 | V3.x: (not available); V2.0: 7.7 HIGH |
CVE-2015-1842 | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. Published: April 10, 2015; 11:00:02 AM -0400 | V3.x: (not available); V2.0: 10.0 HIGH |
CVE-2015-0271 | The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. Published: March 10, 2015; 10:59:05 AM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2014-3691 | Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. Published: March 09, 2015; 10:59:00 AM -0400 | V3.x: (not available); V2.0: 7.5 HIGH |
CVE-2014-9623 | OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. Published: January 23, 2015; 10:59:06 AM -0500 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2014-9493 | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Published: January 07, 2015; 2:59:02 PM -0500 | V3.x: (not available); V2.0: 5.5 MEDIUM |
CVE-2014-3615 | The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Published: November 01, 2014; 7:55:09 PM -0400 | V3.x: (not available); V2.0: 2.1 LOW |
CVE-2014-8333 | The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. Published: October 31, 2014; 10:55:07 AM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2014-3708 | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. Published: October 31, 2014; 10:55:03 AM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |
CVE-2014-7231 | The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. Published: October 08, 2014; 3:55:04 PM -0400 | V3.x: (not available); V2.0: 2.1 LOW |
CVE-2014-7230 | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log. Published: October 08, 2014; 3:55:04 PM -0400 | V3.x: (not available); V2.0: 2.1 LOW |
CVE-2014-3621 | The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. Published: October 02, 2014; 10:55:03 AM -0400 | V3.x: (not available); V2.0: 4.0 MEDIUM |