Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-6685 |
Nokogiri before 1.5.4 is vulnerable to XXE attacks Published: February 19, 2020; 10:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-1793 |
openstack-utils openstack-db has insecure password creation Published: December 10, 2019; 9:15:10 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-6461 |
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits Published: November 05, 2019; 10:15:11 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-6460 |
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents Published: November 05, 2019; 10:15:11 AM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2013-2255 |
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. Published: November 01, 2019; 3:15:10 PM -0400 |
V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2015-3456 |
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. Published: May 13, 2015; 2:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.7 HIGH |
CVE-2015-1842 |
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. Published: April 10, 2015; 11:00:02 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-3691 |
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. Published: March 09, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9493 |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. Published: January 07, 2015; 2:59:02 PM -0500 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2014-7821 |
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. Published: November 24, 2014; 10:59:02 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-3621 |
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. Published: October 02, 2014; 10:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2014-4615 |
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). Published: August 19, 2014; 2:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0042 |
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. Published: June 02, 2014; 11:55:11 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0041 |
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors. Published: June 02, 2014; 11:55:11 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0040 |
OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors. Published: June 02, 2014; 11:55:11 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-6470 |
The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. Published: June 02, 2014; 11:55:10 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-0071 |
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. Published: April 17, 2014; 10:55:06 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2013-6393 |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. Published: February 06, 2014; 5:55:03 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-6391 |
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. Published: December 14, 2013; 12:21:46 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |