Lucene search

12 matches found

CVE
added 2013/04/03 12:0 a.m., 127 views

CVE-2013-1664

The CVE-2013-1664 issue concerns the Python XML libraries (used by OpenStack components: Keystone Essex/Folsom/Grizzly, Nova Essex/Folsom, Cinder Folsom, Django, and possibly other products) that allow remote attackers to trigger a denial-of-service via XML Entity Expansion (XEE). The root cause ...

CVSS 5, AI score 9, EPSS 0.04863

CVE
added 2013/08/20 10:0 p.m., 106 views

CVE-2013-2161

OpenStack Swift (Folsom, Grizzly, Havana) is affected by CVE-2013-2161 due to an XML injection in the account/utils.py path that handles account names. The root cause is unchecked/unvalidated user input in XML responses, allowing attackers to trigger invalid or spoofed Swift responses. Remediatio...

CVSS 7.5, AI score 9.3, EPSS 0.01894

CVE
added 2013/03/08 9:0 p.m., 97 views

CVE-2013-0266

CVE-2013-0266 concerns the puppetlabs-cinder PackStack deployment: manifests/base.pp grants world-readable permissions to cinder.conf and api-paste.ini, enabling a local attacker to read OpenStack administrative passwords. Root cause: incorrect file permissions in these configuration files. Affec...

CVSS 5.5, AI score 5.3, EPSS 0.00272

CVE
added 2013/04/03 12:0 a.m., 90 views

CVE-2013-1665

CVE-2013-1665 is an XXE vulnerability in Python’s XML libraries (used by OpenStack Keystone Essex/Folsom and Django) that allows reading arbitrary files via external entity declarations. Public docs show mitigations such as upstream/Keystone patches that disable XML entity parsing (see Keystone 2...

CVSS 5, AI score 6.5, EPSS 0.04593

CVE
added 2013/07/09 5:0 p.m., 85 views

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

CVSS 2.1, AI score 5.9, EPSS 0.00383

CVE
added 2013/02/13 4:0 p.m., 83 views

CVE-2013-0208

CVE-2013-0208 affects OpenStack Compute (Nova) boot-from-volume when using nova-volume on Folsom/Essex. The root cause was insufficient validation of the user’s permission to boot an image, allowing an authenticated user to boot from volumes owned by other users via a volume_id in block_device_ma...

CVSS 6.5, AI score 6, EPSS 0.02505

CVE
added 2013/08/20 10:0 p.m., 83 views

CVE-2013-4155

OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...

CVSS 4, AI score 6, EPSS 0.01661

CVE
added 2013/11/05 8:0 p.m., 78 views

CVE-2013-4497

Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...

CVSS 6.4, AI score 6.6, EPSS 0.01808

CVE
added 2013/11/02 6:0 p.m., 76 views

CVE-2013-4469

CVE-2013-4469 affects OpenStack Nova (Folsom, Grizzly, Havana) where use_cow_images=False allows a local attacker to cause a DoS by transferring a QCOW2 image with a large virtual size but little data, because the code does not verify the image’s virtual size. Root cause noted as an incomplete fi...

CVSS 1.9, AI score 6, EPSS 0.00438

CVE
added 2013/03/08 9:0 p.m., 73 views

CVE-2013-0261

CVE-2013-0261 concerns PackStack/openstack-packstack. A local attacker can exploit a symlink attack during manifest creation to overwrite arbitrary files in /tmp, potentially affecting files the invoking user can access and, per Red Hat advisory, could lead to denial of service and manipulation o...

CVSS 8.8, AI score 5.4, EPSS 0.00346

CVE
added 2014/02/06 2:0 a.m., 70 views

CVE-2013-4463

OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...

CVSS 2.1, AI score 5.9, EPSS 0.00368

CVE
added 2013/12/27 1:0 a.m., 58 views

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...

CVSS 2.1, AI score 6.1, EPSS 0.00238