Filtered by vendor Redhat Subscriptions
Filtered by product Openstack Subscriptions
Total 718 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-3621 3 Canonical, Openstack, Redhat 4 Ubuntu Linux, Keystone, Enterprise Linux and 1 more 2024-11-21 N/A
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
CVE-2014-3615 5 Canonical, Debian, Opensuse and 2 more 13 Ubuntu Linux, Debian Linux, Opensuse and 10 more 2024-11-21 N/A
The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution.
CVE-2014-3608 2 Openstack, Redhat 2 Nova, Openstack 2024-11-21 N/A
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
CVE-2014-3594 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
CVE-2014-3555 2 Openstack, Redhat 2 Neutron, Openstack 2024-11-21 N/A
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.
CVE-2014-3520 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.
CVE-2014-3517 2 Openstack, Redhat 2 Nova, Openstack 2024-11-21 N/A
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.
CVE-2014-3497 2 Openstack, Redhat 2 Swift, Openstack 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
CVE-2014-3476 3 Openstack, Redhat, Suse 3 Keystone, Openstack, Cloud 2024-11-21 N/A
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
CVE-2014-3475 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.
CVE-2014-3474 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
CVE-2014-3473 3 Openstack, Opensuse, Redhat 3 Horizon, Opensuse, Openstack 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
CVE-2014-3461 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2024-11-21 N/A
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
CVE-2014-2894 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2024-11-21 N/A
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.
CVE-2014-2828 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
CVE-2014-2525 3 Opensuse, Pyyaml, Redhat 6 Leap, Opensuse, Libyaml and 3 more 2024-11-21 N/A
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
CVE-2014-2494 5 Debian, Mariadb, Oracle and 2 more 10 Debian Linux, Mariadb, Mysql and 7 more 2024-11-21 N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
CVE-2014-2237 2 Openstack, Redhat 2 Keystone, Openstack 2024-11-21 N/A
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
CVE-2014-1948 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2024-11-21 N/A
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
CVE-2014-0474 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2024-11-21 N/A
The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, related to "MySQL typecasting."