Filtered by vendor Openstack Subscriptions
Total 258 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4202 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Cinder, Openstack 2024-08-06 N/A
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
CVE-2013-4185 2 Openstack, Redhat 2 Compute, Openstack 2024-08-06 N/A
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
CVE-2013-4261 2 Openstack, Redhat 3 Folsom, Grizzly, Openstack 2024-08-06 N/A
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
CVE-2013-4183 2 Openstack, Redhat 2 Cinder, Openstack 2024-08-06 N/A
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-4222 4 Canonical, Fedoraproject, Openstack and 1 more 4 Ubuntu Linux, Fedora, Keystone and 1 more 2024-08-06 N/A
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
CVE-2013-4179 2 Openstack, Redhat 3 Compute, Havana, Openstack 2024-08-06 N/A
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
CVE-2013-4155 2 Openstack, Redhat 5 Folsom, Grizzly, Havana and 2 more 2024-08-06 N/A
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.
CVE-2013-4111 3 Openstack, Opensuse, Redhat 3 Python Glanceclient, Opensuse, Openstack 2024-08-06 N/A
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-2255 3 Debian, Openstack, Redhat 4 Debian Linux, Compute, Keystone and 1 more 2024-08-06 5.9 Medium
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVE-2013-2256 2 Openstack, Redhat 2 Nova, Openstack 2024-08-06 N/A
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
CVE-2013-2157 2 Openstack, Redhat 2 Keystone, Openstack 2024-08-06 N/A
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
CVE-2013-2166 4 Debian, Fedoraproject, Openstack and 1 more 4 Debian Linux, Fedora, Python-keystoneclient and 1 more 2024-08-06 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2013-2161 3 Openstack, Opensuse, Redhat 5 Folsom, Grizzly, Havana and 2 more 2024-08-06 N/A
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
CVE-2013-2096 1 Openstack 3 Folsom, Grizzly, Havana 2024-08-06 N/A
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
CVE-2013-2167 3 Debian, Openstack, Redhat 3 Debian Linux, Python-keystoneclient, Openstack 2024-08-06 9.8 Critical
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVE-2013-2104 2 Openstack, Redhat 2 Python-keystoneclient, Openstack 2024-08-06 N/A
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
CVE-2013-2030 1 Openstack 4 Compute, Folsom, Grizzly and 1 more 2024-08-06 N/A
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
CVE-2013-2059 1 Openstack 1 Keystone 2024-08-06 N/A
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2013-1977 1 Openstack 1 Devstack 2024-08-06 N/A
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
CVE-2013-2014 2 Fedoraproject, Openstack 2 Fedora, Keystone 2024-08-06 N/A
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.