Filtered by vendor Openstack
Subscriptions
Total
258 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-2006 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-06 | N/A |
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | ||||
CVE-2013-1865 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Folsom, Openstack | 2024-08-06 | N/A |
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | ||||
CVE-2013-1838 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2024-08-06 | N/A |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. | ||||
CVE-2013-1840 | 3 Amazon, Openstack, Redhat | 6 S3 Store, Essex, Folsom and 3 more | 2024-08-06 | N/A |
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | ||||
CVE-2013-1664 | 2 Openstack, Redhat | 7 Cinder Folsom, Compute \(nova\) Essex, Compute \(nova\) Folsom and 4 more | 2024-08-06 | N/A |
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. | ||||
CVE-2013-1665 | 2 Openstack, Redhat | 3 Folsom, Keystone Essex, Openstack | 2024-08-06 | N/A |
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack. | ||||
CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-08-06 | 5.5 Medium |
OpenStack nova base images permissions are world readable | ||||
CVE-2013-0335 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2024-08-06 | N/A |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | ||||
CVE-2013-0282 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-06 | N/A |
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | ||||
CVE-2013-0270 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-06 | N/A |
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | ||||
CVE-2013-0266 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-08-06 | N/A |
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. | ||||
CVE-2013-0212 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. | ||||
CVE-2013-0247 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-08-06 | N/A |
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. | ||||
CVE-2013-0261 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-08-06 | N/A |
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
CVE-2013-0208 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Essex, Folsom and 1 more | 2024-08-06 | N/A |
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. | ||||
CVE-2014-9684 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881. | ||||
CVE-2014-9623 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | ||||
CVE-2014-9493 | 2 Openstack, Redhat | 2 Image Registry And Delivery Service \(glance\), Openstack | 2024-08-06 | N/A |
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. | ||||
CVE-2014-8750 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-08-06 | N/A |
Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances. | ||||
CVE-2014-8333 | 2 Openstack, Redhat | 3 Nova, Enterprise Linux, Openstack | 2024-08-06 | N/A |
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state. |