Redhat

Openstack

211 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2015-0271

  • EPSS 0.2%
  • Veröffentlicht 10.03.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.

7.5

CVE-2014-3691

  • EPSS 0.14%
  • Veröffentlicht 09.03.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request withou...

4

CVE-2014-9623

Exploit
  • EPSS 0.35%
  • Veröffentlicht 23.01.2015 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

5.5

CVE-2014-9493

  • EPSS 0.75%
  • Veröffentlicht 07.01.2015 19:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

4

CVE-2014-7821

  • EPSS 1.86%
  • Veröffentlicht 24.11.2014 15:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

2.1

CVE-2014-3615

  • EPSS 0.09%
  • Veröffentlicht 01.11.2014 23:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.

4

CVE-2014-8333

  • EPSS 0.74%
  • Veröffentlicht 31.10.2014 14:55:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

4

CVE-2014-3708

Exploit
  • EPSS 1.06%
  • Veröffentlicht 31.10.2014 14:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

2.1

CVE-2014-7230

  • EPSS 0.12%
  • Veröffentlicht 08.10.2014 19:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

2.1

CVE-2014-7231

Exploit
  • EPSS 0.16%
  • Veröffentlicht 08.10.2014 19:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by read...