Redhat

Openstack

214 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 5.35%
  • Published 15.06.2015 15:59:00
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.

  • EPSS 33.91%
  • Published 13.05.2015 18:59:00
  • Last modified 12.04.2025 10:46:40

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_...

  • EPSS 6.72%
  • Published 10.04.2015 15:00:02
  • Last modified 12.04.2025 10:46:40

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

  • EPSS 0.2%
  • Published 10.03.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.

  • EPSS 0.35%
  • Published 09.03.2015 14:59:00
  • Last modified 12.04.2025 10:46:40

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request withou...

Exploit
  • EPSS 1.01%
  • Published 23.01.2015 15:59:06
  • Last modified 12.04.2025 10:46:40

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

  • EPSS 0.75%
  • Published 07.01.2015 19:59:02
  • Last modified 12.04.2025 10:46:40

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

  • EPSS 1.45%
  • Published 24.11.2014 15:59:02
  • Last modified 12.04.2025 10:46:40

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

  • EPSS 0.09%
  • Published 01.11.2014 23:55:09
  • Last modified 12.04.2025 10:46:40

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

  • EPSS 0.74%
  • Published 31.10.2014 14:55:07
  • Last modified 12.04.2025 10:46:40

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.