Lucene search
OpenstackHavana

11 matches found

CVE
added 2013/08/20 10:0 p.m. | 106 views

CVE-2013-2161

OpenStack Swift (Folsom, Grizzly, Havana) is affected by CVE-2013-2161 due to an XML injection in the account/utils.py path that handles account names. The root cause is unchecked/unvalidated user input in XML responses, allowing attackers to trigger invalid or spoofed Swift responses. Remediatio...

7.5 CVSS | 9.3 AI score | 0.01894 EPSS
CVE
added 2013/11/02 7:0 p.m. | 90 views

CVE-2013-4477

CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...

3.3 CVSS | 6.3 AI score | 0.00444 EPSS
CVE
added 2013/07/09 5:0 p.m. | 85 views

CVE-2013-2096

OpenStack Compute (Nova) variants Folsom/Grizzly/Havana fail to verify the QCOW2 image virtual size, enabling local users to trigger host filesystem disk consumption (DoS) by using large virtual sizes with little data. Root cause: incomplete/incorrect validation of QCOW2 virtual size, as noted ac...

2.1 CVSS | 5.9 AI score | 0.00383 EPSS
CVE
added 2013/08/20 10:0 p.m. | 83 views

CVE-2013-4155

OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...

4 CVSS | 6 AI score | 0.01661 EPSS
CVE
added 2013/11/05 8:0 p.m. | 78 views

CVE-2013-4497

Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...

6.4 CVSS | 6.6 AI score | 0.01808 EPSS
CVE
added 2013/09/16 7:0 p.m. | 76 views

CVE-2013-4179

OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...

4.3 CVSS | 6.5 AI score | 0.02703 EPSS
CVE
added 2013/11/02 6:0 p.m. | 76 views

CVE-2013-4469

CVE-2013-4469 affects OpenStack Nova (Folsom, Grizzly, Havana) where use_cow_images=False allows a local attacker to cause a DoS by transferring a QCOW2 image with a large virtual size but little data, because the code does not verify the image’s virtual size. Root cause noted as an incomplete fi...

1.9 CVSS | 6 AI score | 0.00438 EPSS
CVE
added 2014/01/07 6:0 p.m. | 72 views

CVE-2013-6419

CVE-2013-6419 affects OpenStack Nova and Neutron. The vulnerability arises from a missing authorization check on the device ID bound to a port, allowing remote tenants to retrieve metadata by spoofing that device ID. Affected components include Nova’s api/metadata/handler.py and Neutron’s neutro...

5 CVSS | 6.2 AI score | 0.01837 EPSS
Web
CVE
added 2014/02/06 2:0 a.m. | 70 views

CVE-2013-4463

OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...

2.1 CVSS | 5.9 AI score | 0.00368 EPSS
CVE
added 2014/02/06 4:0 p.m. | 69 views

CVE-2013-7130

CVE-2013-7130 affects the OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...

7.1 CVSS | 6.2 AI score | 0.02159 EPSS
CVE
added 2013/12/27 1:0 a.m. | 58 views

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...

2.1 CVSS | 6.1 AI score | 0.00238 EPSS