Redhat >> Openstack >> 4.0 Security Vulnerabilities
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2020-02-19
openstack-utils openstack-db has insecure password creation
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-12-10
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVSS Score: 6.5 | EPSS Score: 0.025 | Published: 2019-11-05
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVSS Score: 6.5 | EPSS Score: 0.02 | Published: 2019-11-05
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVSS Score: 5.9 | EPSS Score: 0.004 | Published: 2019-11-01
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
CVSS Score: 7.7 | EPSS Score: 0.339 | Published: 2015-05-13
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVSS Score: 10.0 | EPSS Score: 0.067 | Published: 2015-04-10
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2015-03-09
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.
CVSS Score: 5.5 | EPSS Score: 0.01 | Published: 2015-01-07
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
CVSS Score: 4.0 | EPSS Score: 0.014 | Published: 2014-11-24