Filtered by vendor Openstack
Subscribe
Total
257 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4278 | 1 Openstack | 1 Compute | 2025-04-11 | 3.5 LOW | N/A |
| The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256. | |||||
| CVE-2012-3360 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. | |||||
| CVE-2013-0282 | 1 Openstack | 1 Keystone | 2025-04-11 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | |||||
| CVE-2013-4183 | 1 Openstack | 1 Cinder | 2025-04-11 | 2.1 LOW | N/A |
| The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-0270 | 1 Openstack | 1 Keystone | 2025-04-11 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | |||||
| CVE-2013-4179 | 1 Openstack | 2 Compute, Havana | 2025-04-11 | 4.3 MEDIUM | N/A |
| The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664. | |||||
| CVE-2013-6426 | 1 Openstack | 1 Heat | 2025-04-11 | 4.0 MEDIUM | N/A |
| The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. | |||||
| CVE-2013-4354 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-11 | 2.1 LOW | N/A |
| The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. | |||||
| CVE-2013-4155 | 1 Openstack | 4 Folsom, Grizzly, Havana and 1 more | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. | |||||
| CVE-2012-3371 | 1 Openstack | 3 Compute, Essex, Folsom | 2025-04-11 | 3.5 LOW | N/A |
| The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. | |||||
| CVE-2012-5625 | 1 Openstack | 2 Folsom, Grizzly | 2025-04-11 | 4.3 MEDIUM | N/A |
| OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | |||||
| CVE-2013-4497 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2025-04-11 | 6.4 MEDIUM | N/A |
| The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-2157 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.3 MEDIUM | N/A |
| OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2013-1840 | 2 Amazon, Openstack | 5 S3 Store, Essex, Folsom and 2 more | 2025-04-11 | 3.5 LOW | N/A |
| The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image. | |||||
| CVE-2013-2013 | 1 Openstack | 1 Python-keystoneclient | 2025-04-11 | 2.1 LOW | N/A |
| The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2013-7048 | 1 Openstack | 1 Nova | 2025-04-11 | 3.3 LOW | N/A |
| OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. | |||||
| CVE-2013-2161 | 2 Openstack, Opensuse | 4 Folsom, Grizzly, Havana and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. | |||||
| CVE-2012-4457 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | |||||
| CVE-2013-6428 | 1 Openstack | 1 Heat | 2025-04-11 | 4.0 MEDIUM | N/A |
| The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path. | |||||
| CVE-2012-3447 | 1 Openstack | 2 Folsom, Nova | 2025-04-11 | 4.9 MEDIUM | N/A |
| virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. | |||||