Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: openstack Clear
ID Title
CVE-2026-50221 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
CVE-2026-46448 Vulnerability in nova (CVE-2026-46448)
vulnerability in nova (CVE-2026-46448). Risk of unauthorized operations or information disclosure.
CVE-2026-50589 Vulnerability in openstack (CVE-2026-50589)
vulnerability in openstack (CVE-2026-50589). Risk of unauthorized operations or information disclosure.
CVE-2026-48681 Vulnerability in path-traversal (CVE-2026-48681)
vulnerability in path-traversal (CVE-2026-48681). Confidential information can be exposed externally.
CVE-2026-44917 Vulnerability in openstack (CVE-2026-44917)
vulnerability in openstack (CVE-2026-44917). Confidential information can be exposed externally.
CVE-2026-46447 OpenStack Ironic through 35.0.x allows Boot Script Injection.
OpenStack Ironic through 35.0.x allows Boot Script Injection.
CVE-2026-44394 Authorization Flaw in keystone (CVE-2026-44394)
vulnerability in keystone (CVE-2026-44394). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v3/auth/tokens`. Mitigation: upgrade to `29.0.2` or later.
CVE-2026-42998 Authorization Flaw in keystone (CVE-2026-42998)
vulnerability in keystone (CVE-2026-42998). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
CVE-2026-42999 Vulnerability in keystone (CVE-2026-42999)
vulnerability in keystone (CVE-2026-42999). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
CVE-2026-43000 Vulnerability in keystone (CVE-2026-43000)
vulnerability in keystone (CVE-2026-43000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
CVE-2026-44919 Vulnerability in ironic (CVE-2026-44919)
vulnerability in ironic (CVE-2026-44919). Risk of unauthorized operations or information disclosure.
CVE-2026-44916 Vulnerability in CVE-2026-44916 (CVE-2026-44916)
vulnerability in CVE-2026-44916 (CVE-2026-44916). Risk of unauthorized operations or information disclosure.
CVE-2026-42997 Vulnerability in ironic-python-agent (CVE-2026-42997)
vulnerability in ironic-python-agent (CVE-2026-42997). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.6` or later.
CVE-2026-43003 OS Command Injection in ironic-python-agent (CVE-2026-43003)
OS command injection in ironic-python-agent (CVE-2026-43003). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `11.6.0` or later.
CVE-2026-43001 Authorization Flaw in keystone (CVE-2026-43001)
vulnerability in keystone (CVE-2026-43001). Confidential information can be exposed externally. Exploitable via `POST /v3/credentials`.
CVE-2026-42510 Vulnerability in ironic (CVE-2026-42510)
vulnerability in ironic (CVE-2026-42510). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `35.0.1` or later.
CVE-2026-33551 Authorization Flaw in keystone (CVE-2026-33551)
vulnerability in keystone (CVE-2026-33551). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.1` or later.
CVE-2026-34881 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
CVE-2018-3639 Vulnerability in intel (CVE-2018-3639)
vulnerability in intel (CVE-2018-3639). Confidential information can be exposed externally.
CVE-2017-10906 Vulnerability in fluentd (CVE-2017-10906)
vulnerability in fluentd (CVE-2017-10906). Successful exploitation can lead to full system takeover.
CVE-2017-17051 Vulnerability in dos (CVE-2017-17051)
vulnerability in dos (CVE-2017-17051). Risk of unauthorized operations or information disclosure.
CVE-2017-16613 Authentication Bypass in swauth (CVE-2017-16613)
authentication bypass in swauth (CVE-2017-16613). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `70af7986265a3defea054c46efc82d0698917298, 1.3.0` or later.
CVE-2017-16239 Vulnerability in openstack (CVE-2017-16239)
vulnerability in openstack (CVE-2017-16239). Data can be tampered with by attackers.
CVE-2017-10384 Vulnerability in c (CVE-2017-10384)
vulnerability in c (CVE-2017-10384). Risk of unauthorized operations or information disclosure.
CVE-2017-10378 Vulnerability in c (CVE-2017-10378)
vulnerability in c (CVE-2017-10378). Risk of unauthorized operations or information disclosure.
CVE-2017-10379 Authorization Flaw in c (CVE-2017-10379)
vulnerability in c (CVE-2017-10379). Confidential information can be exposed externally.
CVE-2017-10268 Vulnerability in c (CVE-2017-10268)
vulnerability in c (CVE-2017-10268). Confidential information can be exposed externally.
CVE-2017-7549 Vulnerability in instack-undercloud (CVE-2017-7549)
vulnerability in instack-undercloud (CVE-2017-7549). Confidential information can be exposed externally.
CVE-2015-5695 Vulnerability in dos (CVE-2015-5695)
vulnerability in dos (CVE-2015-5695). Risk of unauthorized operations or information disclosure.
CVE-2017-12440 Vulnerability in openstack (CVE-2017-12440)
vulnerability in openstack (CVE-2017-12440). Successful exploitation can lead to full system takeover.
CVE-2015-3156 Vulnerability in openstack (CVE-2015-3156)
vulnerability in openstack (CVE-2015-3156). Data can be tampered with by attackers.
CVE-2015-2687 Vulnerability in openstack (CVE-2015-2687)
vulnerability in openstack (CVE-2015-2687). Confidential information can be exposed externally.
CVE-2017-3636 Vulnerability in c (CVE-2017-3636)
vulnerability in c (CVE-2017-3636). Risk of unauthorized operations or information disclosure.
CVE-2017-3653 Vulnerability in c (CVE-2017-3653)
vulnerability in c (CVE-2017-3653). Risk of unauthorized operations or information disclosure.
CVE-2017-3651 Vulnerability in c (CVE-2017-3651)
vulnerability in c (CVE-2017-3651). Risk of unauthorized operations or information disclosure.
CVE-2017-3641 Vulnerability in c (CVE-2017-3641)
vulnerability in c (CVE-2017-3641). Risk of unauthorized operations or information disclosure.
CVE-2017-10664 Vulnerability in dos (CVE-2017-10664)
vulnerability in dos (CVE-2017-10664). Risk of unauthorized operations or information disclosure.
CVE-2017-7980 Buffer Overflow in dos (CVE-2017-7980)
vulnerability in dos (CVE-2017-7980). Successful exploitation can lead to full system takeover.
CVE-2017-1000366 Buffer Overflow in redhat (CVE-2017-1000366)
vulnerability in redhat (CVE-2017-1000366). Successful exploitation can lead to full system takeover.
CVE-2015-7514 Information Disclosure in openstack (CVE-2015-7514)
vulnerability in openstack (CVE-2015-7514). Confidential information can be exposed externally.
CVE-2017-9214 Vulnerability in c (CVE-2017-9214)
vulnerability in c (CVE-2017-9214). Successful exploitation can lead to full system takeover. Exploitable via ``ofputil_pull_queue_get_config_reply10``.
CVE-2017-8379 Vulnerability in dos (CVE-2017-8379)
vulnerability in dos (CVE-2017-8379). Risk of unauthorized operations or information disclosure.
CVE-2017-8309 Vulnerability in c (CVE-2017-8309)
vulnerability in c (CVE-2017-8309). Risk of unauthorized operations or information disclosure.
CVE-2016-6519 Cross-Site Scripting (XSS) in redhat (CVE-2016-6519)
cross-site scripting in redhat (CVE-2016-6519). Risk of unauthorized operations or information disclosure.
CVE-2017-5936 Vulnerability in nova-lxd (CVE-2017-5936)
vulnerability in nova-lxd (CVE-2017-5936). Data can be tampered with by attackers. Mitigation: upgrade to `1b76cefb92081efa1e88cd8f330253f857028bd2, 13.1.1` or later.
CVE-2017-7400 Cross-Site Scripting (XSS) in openstack (CVE-2017-7400)
cross-site scripting in openstack (CVE-2017-7400). Risk of unauthorized operations or information disclosure.
CVE-2014-5009 Command Injection in snoopy (CVE-2014-5009)
command injection in snoopy (CVE-2014-5009). Successful exploitation can lead to full system takeover.
CVE-2008-7313 Command Injection in snoopy (CVE-2008-7313)
command injection in snoopy (CVE-2008-7313). Successful exploitation can lead to full system takeover.
CVE-2014-5008 Snoopy allows remote attackers to execute arbitrary commands.
Snoopy allows remote attackers to execute arbitrary commands.
CVE-2015-8234 Vulnerability in openstack (CVE-2015-8234)
vulnerability in openstack (CVE-2015-8234). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →