Attacker Value
Unknown

CVE-2012-5474

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
Attacker Value
Unknown

CVE-2012-5476

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable, which exposes the admin password and token value.
Attacker Value
Unknown

CVE-2013-2166

Disclosure Date: December 10, 2019 (last updated November 27, 2024)
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass.
Attacker Value
Unknown

CVE-2013-2167

Disclosure Date: December 10, 2019 (last updated November 27, 2024)
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache signing bypass.
Attacker Value
Unknown

CVE-2019-19687

Disclosure Date: December 09, 2019 (last updated November 27, 2024)
OpenStack Keystone 15.0.0 and 16.0.0 are affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
Attacker Value
Unknown

CVE-2013-0326

Disclosure Date: December 05, 2019 (last updated November 27, 2024)
OpenStack Nova base image permissions are world readable.
Attacker Value
Unknown

CVE-2011-4076

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via HTTP or tools that allow man-in-the-middle over HTTPS could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute-force values for EC2_ACCESS_KEY.
Attacker Value
Unknown

CVE-2015-5694

Disclosure Date: November 22, 2019 (last updated November 27, 2024)
Designate does not enforce the DNS protocol limit concerning record set sizes.
Attacker Value
Unknown

CVE-2012-1572

Disclosure Date: November 12, 2019 (last updated November 27, 2024)
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space.
Attacker Value
Unknown

CVE-2013-2255

Disclosure Date: November 01, 2019 (last updated November 27, 2024)
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.