Openstack
266 CVEs • 65 products
CVEs (266)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | Openstack | Image Registry And Delivery Service (glance) | May 6, 2026 | Feb 24, 2015 | v4: N/A; v3: N/A; v2: 4.0 MEDIUM | OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large... |
| | Openstack, Redhat | Image Registry And Delivery Service (glance), Openstack | May 6, 2026 | Jan 23, 2015 | v4: N/A; v3: N/A; v2: 4.0 MEDIUM | OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. |
| | Openstack | Image Registry And Delivery Service (glance) | May 6, 2026 | Jan 21, 2015 | v4: N/A; v3: N/A; v2: 6.5 MEDIUM | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: U... |
| | Litech, Openstack | Neutron, Router Advertisement Daemon | May 6, 2026 | Jan 15, 2015 | v4: N/A; v3: N/A; v2: 4.0 MEDIUM | The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning... |
| | Openstack, Redhat | Image Registry And Delivery Service (glance), Openstack | May 6, 2026 | Jan 7, 2015 | v4: N/A; v3: N/A; v2: 5.5 MEDIUM | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image locati... |
| | Fedoraproject, Openstack, Opensuse, +1 more | Fedora, Horizon, Opensuse, +1 more | May 6, 2026 | Dec 12, 2014 | v4: N/A; v3: N/A; v2: 5.0 MEDIUM | OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service... |
| | Fedoraproject, Openstack, Redhat | Fedora, Neutron, Openstack | May 6, 2026 | Nov 24, 2014 | v4: N/A; v3: N/A; v2: 4.0 MEDIUM | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. |
| | | | | | | OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a... |
| | | | | | | Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or... |
| | | | | | | Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary... |
| | | | | | | Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allo... |
| | | | | | | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when us... |
| | | | | | | The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. |
| | | | | | | OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request. |
| | | | | | | OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the... |
| | | | | | | OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. |
| | | | | | | Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same V... |
| | Openstack, Redhat | Cinder, Nova, Openstack, +1 more | May 6, 2026 | Oct 8, 2014 | v4: N/A; v3: N/A; v2: 2.1 LOW | The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local use... |
| | Canonical, Openstack, Redhat | Cinder, Nova, Openstack, +2 more | May 6, 2026 | Oct 8, 2014 | v4: N/A; v3: N/A; v2: 2.1 LOW | The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by... |
| | | | | | | The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 h... |