Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openstack
(Redhat)Repositories |
• https://github.com/openvswitch/ovs
• https://github.com/openstack/heat-templates • https://github.com/memcached/memcached • https://github.com/antirez/redis • https://github.com/apache/httpd |
#Vulnerabilities | 210 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-03-31 | CVE-2014-5009 | Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | Nagios, Openstack, Snoopy | 9.8 | ||
2017-03-31 | CVE-2014-5008 | Snoopy allows remote attackers to execute arbitrary commands. | Debian_linux, Openstack, Snoopy | 9.8 | ||
2014-08-19 | CVE-2014-4615 | The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request). | Ubuntu_linux, Neutron, Oslo, Pycadf, Telemetry_\(Ceilometer\), Openstack | N/A | ||
2014-04-17 | CVE-2014-0071 | PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | Openstack | N/A | ||
2014-02-01 | CVE-2013-6491 | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | Oslo, Openstack | N/A | ||
2014-06-02 | CVE-2013-6470 | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | Openstack | N/A | ||
2014-02-06 | CVE-2013-6393 | The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Leap, Opensuse, Libyaml, Openstack | N/A | ||
2013-10-29 | CVE-2013-4261 | OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | Folsom, Grizzly, Openstack | N/A | ||
2013-10-29 | CVE-2013-4185 | Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | Compute, Openstack | N/A | ||
2017-03-31 | CVE-2008-7313 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. | Nagios, Openstack, Snoopy | 9.8 |