Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
OpenstackGrizzly

14 matches found

CVE
CVEadded 2013/04/03 12:0 a.m.126 views

CVE-2013-1664

The CVE-2013-1664 issue concerns the Python XML libraries (used by OpenStack components: Keystone Essex/Folsom/Grizzly, Nova Essex/Folsom, Cinder Folsom, Django, and possibly other products) that allow remote attackers to trigger a denial-of-service via XML Entity Expansion (XEE). The root cause ...

5CVSS9AI score0.04863EPSS
CVE
CVEadded 2013/08/20 10:0 p.m.105 views

CVE-2013-2161

OpenStack Swift (Folsom, Grizzly, Havana) is affected by CVE-2013-2161 due to an XML injection in the account/utils.py path that handles account names. The root cause is unchecked/unvalidated user input in XML responses, allowing attackers to trigger invalid or spoofed Swift responses. Remediatio...

7.5CVSS9.3AI score0.01894EPSS
CVE
CVEadded 2013/03/22 9:0 p.m.93 views

CVE-2013-0335

CVE-2013-0335 affects OpenStack Nova (Grizzly, Folsom 2012.2, Essex 2012.1). The issue allows remote authenticated users to gain access to a VM by reusing the VNC token of a deleted VM bound to the same VNC port. The OpenStack release notes reference VNC Token Validation as a fix in the 2012.2.4 ...

6CVSS6.4AI score0.02146EPSS
CVE
CVEadded 2013/11/02 7:0 p.m.89 views

CVE-2013-4477

CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...

3.3CVSS6.3AI score0.00444EPSS
CVE
CVEadded 2013/07/09 5:0 p.m.83 views

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

2.1CVSS5.9AI score0.00383EPSS
CVE
CVEadded 2013/08/20 10:0 p.m.80 views

CVE-2013-4155

OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...

4CVSS6AI score0.01661EPSS
CVE
CVEadded 2013/03/22 9:0 p.m.76 views

CVE-2013-1838

CVE-2013-1838 affects OpenStack Nova (Compute) in Grizzly, Folsom (2012.2), and Essex (2012.1). The issue is that quotas for fixed IPs were not properly enforced, enabling remote authenticated users to exhaust resources and potentially block new instance spawns via many addFixedIp calls (DoS). Su...

4CVSS6.2AI score0.02742EPSS
CVE
CVEadded 2013/11/05 8:0 p.m.76 views

CVE-2013-4497

Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...

6.4CVSS6.6AI score0.01808EPSS
CVE
CVEadded 2013/11/02 6:0 p.m.75 views

CVE-2013-4469

CVE-2013-4469 affects OpenStack Nova (Folsom, Grizzly, Havana) where use_cow_images=False allows a local attacker to cause a DoS by transferring a QCOW2 image with a large virtual size but little data, because the code does not verify the image’s virtual size. Root cause noted as an incomplete fi...

1.9CVSS6AI score0.00438EPSS
CVE
CVEadded 2013/10/29 10:0 p.m.69 views

CVE-2013-4261

OpenStack Compute (Nova) Folsom, Grizzly, and earlier versions are affected when using the Apache Qpid RPC backend. The issue arises from improper error handling in messaging, allowing remote attackers to cause a denial of service via connection pool exhaustion by sending long strings to an insta...

3.5CVSS6.4AI score0.01738EPSS
CVE
CVEadded 2014/02/06 2:0 a.m.69 views

CVE-2013-4463

OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...

2.1CVSS5.9AI score0.00368EPSS
CVE
CVEadded 2012/12/26 10:0 p.m.68 views

CVE-2012-5625

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when libvirt with LVM-backed ephemeral storage is used, did not wipe PV content before reallocation to a new instance. This allowed reading memory from the previous LV and potential exposure of sensitive data. Remediation is to upgrade ...

4.3CVSS5.7AI score0.01994EPSS
CVE
CVEadded 2014/02/06 4:0 p.m.67 views

CVE-2013-7130

CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...

7.1CVSS6.2AI score0.02159EPSS
CVE
CVEadded 2013/12/27 1:0 a.m.55 views

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...

2.1CVSS6.1AI score0.00238EPSS