Diablo Security Vulnerabilities and Issues — Diablo CVE List

OpenstackDiablo

2 matches found

CVE•added 2012/07/22 4:0 p.m.•74 views

CVE-2012-3361

CVE-2012-3361 affects OpenStack OpenStack Compute (Nova) in Folsom (2012.2), Essex (2012.1), and Diablo (2011.3). The issue is in virt/disk/api.py where remote authenticated users can overwrite arbitrary files via a symlink attack on a file located within an image. The root cause is improper hand...

5.5CVSS6.1AI score0.02582EPSS

CVE•added 2012/06/21 3:0 p.m.•55 views

CVE-2012-2654

CVE-2012-2654 affects OpenStack Compute (Nova) EC2 and OS APIs in Folsom, Essex, and Diablo releases. The vulnerability arises from improper protocol validation when creating security groups if the network protocol isn’t specified in lowercase, allowing remote attackers to bypass access restricti...

4.3CVSS6.5AI score0.02626EPSS