Red Hat OpenStack 4.0

CPE Details

Red Hat OpenStack 4.0
redhat
openstack
4.0
2014-04-17
13h58 +00:00
2014-04-24
17h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

openstack

Version

4.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-6685 2020-02-19 13h41 +00:00 Nokogiri before 1.5.4 is vulnerable to XXE attacks
7.5
High
CVE-2013-1793 2019-12-10 12h17 +00:00 openstack-utils openstack-db has insecure password creation
7.5
High
CVE-2013-6461 2019-11-05 13h07 +00:00 Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
6.5
Medium
CVE-2013-6460 2019-11-05 13h02 +00:00 Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
6.5
Medium
CVE-2013-2255 2019-11-01 17h38 +00:00 HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
5.9
Medium
CVE-2015-3456 2015-05-13 16h00 +00:00 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
7.7
CVE-2015-1842 2015-04-10 12h00 +00:00 The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
10
CVE-2014-3691 2015-03-09 13h00 +00:00 Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
7.5
CVE-2014-9493 2015-01-07 18h00 +00:00 The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
5.5
CVE-2014-7821 2014-11-24 14h00 +00:00 OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
4
CVE-2014-3621 2014-10-02 12h00 +00:00 The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
4
CVE-2014-4615 2014-08-19 16h00 +00:00 The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
5
CVE-2013-6470 2014-06-02 13h00 +00:00 The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.
5
CVE-2014-0040 2014-06-02 13h00 +00:00 OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.
4.3
CVE-2014-0041 2014-06-02 13h00 +00:00 OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.
4.3
CVE-2014-0042 2014-06-02 13h00 +00:00 OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.
4.3
CVE-2014-0071 2014-04-17 12h00 +00:00 PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.
6.4
CVE-2013-6393 2014-02-06 21h00 +00:00 The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
6.8
CVE-2013-6391 2013-12-14 16h00 +00:00 The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
5.8