VIR Vulnerability Intelligence Relay

Search

Found 161 results in 37ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-4278 low 3.5 FIX debian debian openstack 4y ago The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot…
CVE-2013-4294 medium 5.0 FIX debian debian openstack 4y ago The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which a…
CVE-2013-4497 medium 6.4 FIX debian debian openstack 4y ago The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows …
CVE-2013-1865 medium 6.8 FIX ubuntu ubuntudebian debian openstack 4y ago OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions…
CVE-2013-2104 medium 5.5 FIX debian debian openstack 4y ago python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after i…
CVE-2014-1948 low 2.6 FIX debian debian openstack 4y ago OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN…
CVE-2013-6419 medium 5.0 FIX debian debian openstack 4y ago Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive…
CVE-2014-0056 low 2.1 FIX ubuntu ubuntudebian debian openstack 4y ago The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants …
CVE-2013-4463 low 2.1 FIX debian debian openstack 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumpti…
CVE-2013-4469 low 1.9 FIX debian debian openstack 4y ago OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (ho…
CVE-2014-5253 medium 4.9 FIX debian debianubuntu ubuntu openstack 4y ago OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
CVE-2014-2237 medium 5.0 FIX debian debian openstack 4y ago The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, d…
CVE-2014-3497 medium 4.3 FIX debian debian openstack 4y ago Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
CVE-2014-7144 medium 4.3 FIX debian debian openstack 4y ago OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (pa…
CVE-2016-0757 medium 4.3 4.3 FIX slesdebian debian openstack 4y ago OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload…
CVE-2015-1881 medium 4.0 FIX debian debian openstack 4y ago OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)…
CVE-2014-5356 medium 4.0 FIX debian debianubuntu ubuntu openstack 4y ago OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
CVE-2012-2654 medium 4.3 FIX debian debian openstack 4y ago The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc…
CVE-2012-4573 medium 5.5 FIX debian debian openstack 4y ago The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulne…
CVE-2013-1838 medium 4.0 FIX ubuntu ubuntudebian debian openstack 4y ago OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource…
CVE-2017-7400 medium 4.8 4.8 FIX slesdebian debian openstack 4y ago OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
CVE-2015-8914 critical 9.1 9.1 FIX slesdebian debian openstack 4y ago The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of s…
CVE-2013-2256 medium 6.0 FIX debian debian openstack 4y ago OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive info…
CVE-2015-7713 medium 5.0 FIX debian debian openstack 4y ago OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by lever…
CVE-2015-3241 medium 6.8 FIX debian debian openstack 4y ago OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of …
CVE-2014-3708 medium 4.0 FIX slesdebian debian openstackredhat 4y ago OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API re…
CVE-2016-2140 medium 5.3 5.3 FIX slesdebian debian openstack 4y ago The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users …
CVE-2014-3476 medium 6.0 FIX debian debian openstacksuse 4y ago OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b…
CVE-2013-2014 medium 5.0 FIX debian debianfedora fedora openstack 4y ago OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
CVE-2017-7549 medium 6.4 6.4 openstackredhat 4y ago A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, wher…
CVE-2013-0270 medium 6.5 6.5 FIX debian debian openstack 4y ago A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This …
CVE-2017-16613 critical 9.8 9.8 debian debian openstack 9y ago An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieve…
CVE-2017-16239 medium 6.5 6.5 FIX slesdebian debian openstack 9y ago In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filte…
CVE-2015-5695 medium 6.5 6.5 FIX debian debian openstack 9y ago Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might…
CVE-2015-3156 medium 5.5 5.5 slesdebian debian openstack 9y ago Openstack DBaaS (Trove) Improper Link Resolution Before File Access
CVE-2015-2687 medium 4.7 4.7 FIX debian debian openstack 9y ago OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
CVE-2015-7514 medium 6.5 6.5 FIX debian debian openstack 9y ago OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
CVE-2016-6519 medium 5.4 5.4 FIX slesdebian debian redhatopenstack 9y ago Openstack Manila Persistent XSS in Metadata field
CVE-2015-8234 medium 5.5 5.5 debian debian openstack 9y ago The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.
CVE-2017-7214 critical 9.8 9.8 FIX slesdebian debian openstack 9y ago An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level lo…
CVE-2017-7200 medium 5.8 5.8 FIX slesdebian debian openstack 9y ago OpenStack Glance Server-Side Request Forgery (SSRF)
CVE-2016-5737 medium 6.1 6.1 openstack 10y ago The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scriptin…
CVE-2016-9185 medium 4.3 4.3 FIX slesdebian debian openstack 10y ago In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 …
CVE-2016-7498 medium 6.5 6.5 FIX debian debian openstack 10y ago OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances wh…
CVE-2016-4972 critical 9.8 9.8 FIX debian debian openstack 10y ago OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x …
CVE-2016-4428 medium 5.4 5.4 FIX slesdebian debian rhel openstackredhat 10y ago OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability
CVE-2015-5295 medium 5.4 5.4 FIX slesdebian debianfedora fedora openstackredhat 11y ago The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory cons…
CVE-2015-8749 medium 5.9 5.9 FIX slesdebian debian openstack 11y ago The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message …
CVE-2015-7548 low 3.5 3.5 FIX slesdebian debian openstack 11y ago OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read …
CVE-2015-5306 medium 6.8 FIX debian debian openstack 11y ago OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by trigge…
CVE-2015-5240 low 3.5 FIX debian debian openstack 11y ago Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing…
CVE-2015-5286 medium 6.8 FIX debian debian openstack 11y ago OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service
CVE-2015-5251 medium 5.5 FIX debian debian openstack 11y ago OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
CVE-2015-5223 medium 5.0 FIX debian debian openstack 11y ago OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CVE-2015-3280 medium 6.8 FIX debian debian openstack 11y ago OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of…
CVE-2015-3221 medium 5.0 EXPFIX debian debian openstack 11y ago OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) …
CVE-2015-3219 medium 4.3 FIX debian debian openstack 11y ago Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbi…
CVE-2015-5163 low 3.5 FIX debian debian openstack 11y ago The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file…
CVE-2015-3289 medium 4.0 FIX debian debian openstack 11y ago OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleti…
CVE-2015-1851 medium 6.8 FIX debian debianubuntu ubuntu openstack 11y ago OpenStack Cinder file disclosure in image convert
CVE-2015-3988 low 3.5 FIX debian debian openstack 11y ago Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance …
CVE-2015-3646 medium 4.0 FIX slesdebian debian openstack 11y ago OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and othe…
CVE-2015-1856 medium 5.5 FIX ubuntu ubuntudebian debian openstack 11y ago OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-vers…
CVE-2015-1852 medium 4.3 FIX ubuntu ubuntudebian debian openstack 11y ago The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configurat…
CVE-2015-0259 medium 5.1 FIX debian debian openstack 11y ago OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authenticati…
CVE-2014-9684 medium 4.0 FIX debian debian openstack 11y ago OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)…
CVE-2014-9623 medium 4.0 FIX debian debian redhatopenstack 12y ago OpenStack Glance Bypass the storage quota and Denial of service
CVE-2015-1195 medium 6.5 FIX debian debian openstack 12y ago OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme
CVE-2014-8153 medium 4.0 FIX debian debian litechopenstack 12y ago The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight …
CVE-2014-9493 medium 5.5 FIX debian debian redhatopenstack 12y ago The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
CVE-2014-8124 medium 5.0 FIX debian debiansuse susefedora fedora openstack 12y ago OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause…
CVE-2014-7821 medium 4.0 FIX debian debianfedora fedora openstackredhat 12y ago OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVE-2014-0204 medium 6.5 FIX debian debian openstack 12y ago OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges th…
CVE-2014-8578 low 3.5 FIX debian debian openstack 12y ago Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject ar…
CVE-2014-3475 low 3.5 FIX debian debiansuse suse openstack 12y ago Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrator…
CVE-2014-3474 low 3.5 FIX debian debiansuse suse openstack 12y ago OpenStack Horizon Cross-site scripting (XSS) vulnerability
CVE-2014-3473 medium 4.3 FIX debian debiansuse suse openstack 12y ago Horizon-Orchestration Cross-site scripting (XSS) vulnerability through resource name
CVE-2014-8333 medium 4.0 FIX debian debian rhel redhatopenstack 12y ago The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
CVE-2014-3520 medium 6.5 FIX debian debian openstack 12y ago OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has …
CVE-2014-7960 medium 4.0 FIX slesdebian debian openstack 12y ago OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when c…
CVE-2014-8750 medium 6.5 FIX slesdebian debian openstack 12y ago Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance tha…
CVE-2014-7231 low 2.1 FIX debian debian openstackredhat 12y ago OpenStack Oslo utility sensitive information exposure via log files
CVE-2014-7230 low 2.1 FIX debian debianubuntu ubuntu openstackredhat 12y ago The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro…
CVE-2014-3641 medium 4.0 FIX debian debian openstack 12y ago OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
CVE-2014-3608 low 2.7 FIX debian debian openstack 12y ago The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into t…
CVE-2014-6414 medium 4.0 FIX debian debianubuntu ubuntu openstack 12y ago OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.
CVE-2014-3621 medium 4.0 FIX debian debianubuntu ubuntu rhel openstackredhat 12y ago The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpo…
CVE-2014-5252 medium 4.9 FIX debian debianubuntu ubuntu openstack 12y ago The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
CVE-2014-5251 medium 4.9 FIX debian debianubuntu ubuntu openstack 12y ago The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
CVE-2014-3594 low 3.5 FIX debian debiansuse suse openstack 12y ago OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
CVE-2014-4615 medium 5.0 FIX debian debianubuntu ubuntu redhatopenstack 12y ago The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Osl…
CVE-2014-3517 medium 4.3 FIX debian debian openstack 12y ago api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attack…
CVE-2014-3555 medium 4.0 FIX debian debian openstack 12y ago OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a la…
CVE-2014-4167 low 3.5 FIX debian debianubuntu ubuntu openstack 12y ago The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by at…
CVE-2014-3801 low 3.5 FIX debian debian openstack 12y ago OpenStack Heat template URL information leakage
CVE-2013-4471 medium 5.5 FIX debian debian openstack 12y ago The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang…
CVE-2014-0134 low 3.5 FIX debian debian openstack 12y ago The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authentica…
CVE-2014-0187 critical 9.0 FIX debian debianubuntu ubuntususe suse openstack 12y ago The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a s…
CVE-2014-0162 medium 6.0 FIX debian debian openstack 12y ago OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
CVE-2014-0167 medium 6.0 FIX debian debian openstack 12y ago The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, …