Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-2167 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass Published: December 10, 2019; 10:15:11 AM -0500 | V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-2166 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass Published: December 10, 2019; 10:15:11 AM -0500 | V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-1793 | openstack-utils openstack-db has insecure password creation Published: December 10, 2019; 9:15:10 AM -0500 | V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits Published: November 05, 2019; 10:15:11 AM -0500 | V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-6460 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents Published: November 05, 2019; 10:15:11 AM -0500 | V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-2255 | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. Published: November 01, 2019; 3:15:10 PM -0400 | V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-1842 | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. Published: April 10, 2015; 11:00:02 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-6393 | The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. Published: February 06, 2014; 5:55:03 PM -0500 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6491 | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. Published: February 01, 2014; 7:55:04 PM -0500 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-4214 | rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. Published: November 23, 2013; 12:55:03 PM -0500 | V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2013-2029 | nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. Published: November 23, 2013; 12:55:03 PM -0500 | V3.x:(not available) V2.0: 6.3 MEDIUM |
CVE-2013-4386 | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. Published: November 20, 2013; 9:12:21 AM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4261 | OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. Published: October 29, 2013; 6:55:02 PM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-4185 | Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. Published: October 29, 2013; 6:55:02 PM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-4222 | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. Published: September 30, 2013; 6:55:04 PM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-4182 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. Published: September 16, 2013; 3:14:38 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-4180 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. Published: September 16, 2013; 3:14:38 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-2121 | Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. Published: July 31, 2013; 9:20:25 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2013-2113 | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. Published: July 31, 2013; 9:20:25 AM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2013-2882 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Published: July 31, 2013; 9:20:13 AM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |