Red Hat Open Stack 3.0

CPE Details

Red Hat Open Stack 3.0
3.0
2013-07-31 16h22 +00:00
2013-07-31 23h37 +00:00

CPE Name: cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*

Information

Vendor: redhat

Product: openstack

Version: 3.0

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2013-2167 | 2019-12-10 13h22 +00:00 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass | 9.8 | Critical |
| CVE-2013-2166 | 2019-12-10 13h19 +00:00 | python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | 9.8 | Critical |
| CVE-2013-1793 | 2019-12-10 12h17 +00:00 | openstack-utils openstack-db has insecure password creation | 7.5 | High |
| CVE-2013-6461 | 2019-11-05 13h07 +00:00 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 6.5 | Medium |
| CVE-2013-6460 | 2019-11-05 13h02 +00:00 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 | Medium |
| CVE-2013-2255 | 2019-11-01 17h38 +00:00 | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 5.9 | Medium |
| CVE-2015-1842 | 2015-04-10 12h00 +00:00 | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors. | 10 | |
| CVE-2013-6393 | 2014-02-06 21h00 +00:00 | The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. | 6.8 | |
| CVE-2013-6491 | 2014-02-01 23h00 +00:00 | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 | |
| CVE-2013-2029 | 2013-11-23 16h00 +00:00 | nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/. | 6.3 | |
| CVE-2013-4214 | 2013-11-23 16h00 +00:00 | rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache. | 6.3 | |
| CVE-2013-4386 | 2013-11-19 18h00 +00:00 | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. | 7.5 | |
| CVE-2013-4185 | 2013-10-29 22h00 +00:00 | Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests. | 4 | |
| CVE-2013-4261 | 2013-10-29 22h00 +00:00 | OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | 3.5 | |
| CVE-2013-4222 | 2013-09-30 18h00 +00:00 | OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | 6.5 | |
| CVE-2013-4180 | 2013-09-16 19h00 +00:00 | The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | 5 | |
| CVE-2013-4182 | 2013-09-16 19h00 +00:00 | app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | 7.5 | |
| CVE-2013-2113 | 2013-07-31 10h00 +00:00 | The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | 6 | |
| CVE-2013-2121 | 2013-07-31 10h00 +00:00 | Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | 6 | |
| CVE-2013-2882 | 2013-07-30 19h00 +00:00 | Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | 7.5 | |