Filtered by vendor Redhat
Subscriptions
Filtered by product Openstack
Subscriptions
Total
727 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6470 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | ||||
| CVE-2015-3456 | 3 Qemu, Redhat, Xen | 7 Qemu, Enterprise Linux, Enterprise Virtualization and 4 more | 2025-04-12 | N/A |
| The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. | ||||
| CVE-2015-5143 | 5 Canonical, Debian, Djangoproject and 2 more | 5 Ubuntu Linux, Debian Linux, Django and 2 more | 2025-04-12 | N/A |
| The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys. | ||||
| CVE-2015-5154 | 5 Fedoraproject, Qemu, Redhat and 2 more | 10 Fedora, Qemu, Enterprise Linux and 7 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. | ||||
| CVE-2015-5163 | 2 Openstack, Redhat | 2 Glance, Openstack | 2025-04-12 | N/A |
| The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image. | ||||
| CVE-2013-7436 | 2 Kanaka, Redhat | 2 Novnc, Openstack | 2025-04-12 | N/A |
| noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2014-8106 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320. | ||||
| CVE-2014-7960 | 2 Openstack, Redhat | 3 Swift, Openstack, Storage | 2025-04-12 | N/A |
| OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. | ||||
| CVE-2014-8124 | 5 Fedoraproject, Openstack, Opensuse and 2 more | 5 Fedora, Horizon, Opensuse and 2 more | 2025-04-12 | N/A |
| OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page. | ||||
| CVE-2014-0187 | 4 Canonical, Openstack, Opensuse and 1 more | 4 Ubuntu Linux, Neutron, Opensuse and 1 more | 2025-04-12 | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | ||||
| CVE-2014-0162 | 2 Openstack, Redhat | 3 Icehouse, Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location. | ||||
| CVE-2014-0472 | 3 Canonical, Djangoproject, Redhat | 3 Ubuntu Linux, Django, Openstack | 2025-04-12 | N/A |
| The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." | ||||
| CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. | ||||
| CVE-2014-9623 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | ||||
| CVE-2015-1842 | 1 Redhat | 2 Openstack, Openstack-installer | 2025-04-12 | N/A |
| The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | ||||
| CVE-2015-5251 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2025-04-12 | N/A |
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | ||||
| CVE-2014-6559 | 5 Juniper, Mariadb, Oracle and 2 more | 11 Junos Space, Mariadb, Mysql and 8 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. | ||||
| CVE-2014-6555 | 4 Mariadb, Oracle, Redhat and 1 more | 9 Mariadb, Mysql, Enterprise Linux and 6 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML. | ||||
| CVE-2014-6568 | 7 Canonical, Debian, Fedoraproject and 4 more | 19 Ubuntu Linux, Debian Linux, Fedora and 16 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. | ||||
| CVE-2014-6530 | 4 Mariadb, Oracle, Redhat and 1 more | 10 Mariadb, Mysql, Solaris and 7 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP. | ||||